@elytrasec/mcp
Elytra Security as a Model Context Protocol server. Give your AI coding agent (Claude Desktop, Cursor, Cline, Zed) the ability to scan smart contracts and code, check 12 famous-hack patterns, and return public Elytra security receipts — without leaving the IDE.
173 detection rules. ERC-8004 verified agent. x402 pay-per-call in USDC on Base + Solana.
Install
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
```json
{
  "mcpServers": {
    "elytra": {
      "command": "npx",
      "args": ["-y", "@elytrasec/mcp@latest"]
    }
  }
}
```
Restart Claude Desktop. The 4 Elytra tools appear in the MCP indicator.
Cursor
Settings → MCP → Add server:
```json
{ "command": "npx", "args": ["-y", "@elytrasec/mcp@latest"] }
```
Cline / Continue / any MCP-compatible client
Same one-liner: register it as a stdio server using the npx command above. If you need reproducible installs, pin an exact version instead of `@latest` so the client does not pull whatever is newest on every launch.
Tools
| Tool | What it does |
|---|---|
| `elytra_scan` | Scan a code snippet for security vulnerabilities |
| `elytra_scan_address` | Scan a deployed contract by 0x address (Ethereum / Base / Arbitrum / Optimism / Polygon) |
| `elytra_replay_hacks` | Test code against 12 famous-exploit patterns ($3.04B combined losses): Bybit, Ronin, Euler, Beanstalk, Multichain, Curve, Radiant, zkSync, Cream, Wormhole, Nomad, Mango |
| `elytra_agent_identity` | Return Elytra's onchain agent card (ERC-8004, pricing, capabilities) |
Privacy & safety
This MCP server is a thin client over Elytra's public HTTP API and is read-only with respect to your machine. Specifically:
- No shell execution. The server never spawns child processes or executes shell commands.
- No file writes. The server reads nothing from disk and writes nothing to disk.
- No private keys. The server never reads, requests, generates, or stores private keys.
- No wallet signing. The server never signs transactions or messages. Any onchain payments (x402) are settled by Elytra's facilitators, not by this server.
- Sends only what you ask it to. Each tool call forwards exactly the code, address, or query the AI agent passed in to Elytra's API, nothing more. No telemetry, no ambient file reads, no background uploads. What the agent passes in does leave your machine, so treat scanned code as disclosed to Elytra and do not point the tools at code you are not allowed to share.
- May return public receipt URLs. Depending on Elytra's API mode, a scan can produce a public receipt page at https://elytrasec.io/r/<id>. The URL is returned to you; you decide whether to share it.
Optional env vars
- `ELYTRA_API_KEY`: Bearer key for the paid `/api/v1/scan` endpoint (bypasses x402 micropayment for higher throughput). Contact [email protected].
- `ELYTRA_BASE_URL`: Override the default `https://elytrasec.io` (for self-hosting).
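MCP clients pass environment variables to a stdio server through the `env` block of the server entry. The following is an added example of the Claude Desktop config with both variables set, not a fragment from the package's own docs; the version string, key and self-hosted URL are placeholders. Two things to keep in mind: the config file is plaintext, so anyone who can read it holds your bearer key, and a self-hosted `ELYTRA_BASE_URL` must be `https://`, because that same key travels in every request.

```json
{
  "mcpServers": {
    "elytra": {
      "command": "npx",
      "args": ["-y", "@elytrasec/mcp@<pinned-version>"],
      "env": {
        "ELYTRA_API_KEY": "<your-bearer-key>",
        "ELYTRA_BASE_URL": "https://elytra.internal.example"
      }
    }
  }
}
```

Omit `ELYTRA_BASE_URL` to use the public `https://elytrasec.io`, and omit `ELYTRA_API_KEY` to stay on the free endpoints described under Pricing.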
Pricing
All tools above hit Elytra's free public endpoints. For higher rate limits or AI-powered deep review, the underlying API supports x402 pay-per-call in USDC on Base or Solana (1¢ per scan, 2¢ per review).
Other Elytra packages
- `@elytrasec/cli`: same detectors, command-line. `npx -y @elytrasec/cli scan .`
- `ElytraSec/elytra-action`: drop into a GitHub Actions workflow.
- `@elytrasec/engine`: the underlying analysis library.
Links
- Website: https://elytrasec.io
- Playground (interactive): https://elytrasec.io/playground
- Hack Replay Library: https://elytrasec.io/hacks
- Agent card: https://elytrasec.io/.well-known/agent-card.json
License
MIT