VulnFeed
БесплатноНе проверенAn MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommend
Описание
An MCP server that scans your lockfiles (npm, PyPI, Go, Rust, Ruby, PHP) for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions. $14/mo — not per-seat.
README
VulnFeed — Dependency Vulnerability Monitoring for Claude Code
CI PyPI License: MIT vulnfeed-mcp MCP server
An MCP server that scans your project dependencies for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions.
Free tier — 10 scans/day, 1 monitored project, no signup required.
Homepage: vulnfeed.novadyne.ai
Install
uvx vulnfeed-mcp
MCP client config
Add to your MCP client config (~/.claude/settings.json for Claude Code, claude_desktop_config.json for Claude Desktop):
Free tier (no signup, no API key):
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"]
}
}
}
Paid ($14/mo, unlimited scans + projects):
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"],
"env": {
"VULNFEED_API_KEY": "YOUR_LICENSE_KEY_HERE"
}
}
}
}
Get a license key at vulnfeed.novadyne.ai.
x402 micropayments
VulnFeed also accepts x402 micropayments — AI agents can pay per scan with USDC on Base, no API key or signup needed. When the free tier limit is reached, the API returns HTTP 402 with payment requirements that x402-compatible clients handle automatically.
- $0.01 per scan
- $0.002 per CVE lookup
- $0.05 per project monitor setup
Tools
Scanning
| Tool | Description |
|---|---|
scan_project |
Auto-detect and scan all lockfiles in a directory |
scan_lockfile |
Scan a specific lockfile |
check_package |
Check a single package for vulnerabilities |
lookup_cve |
Detailed CVE info with EPSS + fix versions |
Monitoring
| Tool | Description |
|---|---|
monitor_project |
Register for continuous monitoring |
check_alerts |
New vulns since last scan |
update_deps |
Update snapshot after upgrading packages |
list_monitored |
See all monitored projects |
unmonitor_project |
Remove from monitoring |
Supported lockfiles
package-lock.json(npm)yarn.lock(Yarn)pnpm-lock.yaml(pnpm)requirements.txt(pip)Pipfile.lock(Pipenv)go.sum/go.mod(Go)Cargo.lock(Rust)Gemfile.lock(Ruby)composer.lock(PHP)
How it works
- Parses your lockfile to extract dependency names + versions
- Queries OSV.dev (NVD + GitHub Advisories) for known CVEs
- Enriches with EPSS exploit probability scores
- Filters noise — suppresses low-EPSS, non-critical CVEs by default
- Sorts by exploitability — most likely to be exploited first
- Returns fix version recommendations from package registries
Smart filtering
By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% AND CVSS < 9.0). This cuts noise by ~80%.
Pass show_all=True to any scan tool to see everything.
Continuous monitoring
monitor_project— takes a baseline snapshot of current deps + known vulnscheck_alerts— diffs against baseline, surfaces only new vulns- Run
check_alertsperiodically to catch newly published CVEs
License
MIT
Установить VulnFeed в Claude Desktop, Claude Code, Cursor
unyly install vulnfeedСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add vulnfeed -- uvx vulnfeed-mcpFAQ
VulnFeed MCP бесплатный?
Да, VulnFeed MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для VulnFeed?
Нет, VulnFeed работает без API-ключей и переменных окружения.
VulnFeed — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить VulnFeed в Claude Desktop, Claude Code или Cursor?
Открой VulnFeed на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare VulnFeed with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
