Submit
Seiya-wasabi

mcp-server-security-snapshot

Community Seiya-wasabi
Updated

MCP server for Website Security Snapshot API — scan security headers from Claude via x402

mcp-server-security-snapshot

MCP server that exposes Website Security Snapshot API as a tool for Claude and other AI agents.

Scan any public URL's HTTP security headers directly from your AI assistant — payment settled automatically on-chain via x402 (0.05 USDC on Base).

Network status: Currently on Base Sepolia testnet. Mainnet (Base) goes live 2026-03-28.Use "NETWORK": "base-sepolia" for testing before that date; switch to "NETWORK": "base" on 2026-03-28.

Tools Provided

Tool Description Cost
scan_security_headers Scan a URL's security headers (live, paid) 0.05 USDC
demo_security_snapshot Return a pre-baked example (free) Free

scan_security_headers

Checks:

  • HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
  • HTTPS enforcement and redirect chain
  • Presence of security.txt, robots.txt, sitemap.xml

Setup

Requirements

Claude Desktop

Add to claude_desktop_config.json (usually ~/Library/Application Support/Claude/ on macOS, %APPDATA%\Claude\ on Windows):

{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": ["-y", "mcp-server-security-snapshot"],
      "env": {
        "WALLET_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY",
        "NETWORK": "base"
      }
    }
  }
}

For testnet (free USDC from faucet):

{
  "env": {
    "WALLET_PRIVATE_KEY": "0xYOUR_TESTNET_KEY",
    "NETWORK": "base-sepolia"
  }
}

Run Directly

WALLET_PRIVATE_KEY=0x... NETWORK=base npx mcp-server-security-snapshot

Environment Variables

Variable Required Default Description
WALLET_PRIVATE_KEY Yes Private key of paying wallet (0x...)
NETWORK No base base or base-sepolia
API_BASE_URL No https://api.cybersecurity-japan.com Override API endpoint

Example Usage in Claude

Once configured, ask Claude:

"Check the security headers on https://example.com"

"Does https://mysite.com have HSTS and CSP enabled?"

"Audit the security hygiene of https://example.com and tell me what's missing"

Claude will call scan_security_headers, pay 0.05 USDC from your wallet, and return the results.

Security Note

Your WALLET_PRIVATE_KEY is used to sign USDC transactions. Use a dedicated wallet with only enough USDC for your intended usage. Do not use your main wallet.

Links

License

MIT

MCP Server · Populars

MCP Server · New

    nteract

    semiotic

    A data visualization for AI and Streaming

    Community nteract
    rixinhahaha

    Snip

    A macOS menu-bar screenshot tool with annotation, AI-powered organization, and semantic search. Built with Electron and Ollama. Featured on Product Hunt: https://www.producthunt.com/products/snip-ai-powered-macos-screenshot-tool

    Community rixinhahaha
    blitzdotdev

    Blitz

    Blitz mac app

    Community blitzdotdev
    mozilla

    Firefox DevTools MCP

    Model Context Protocol server for Firefox DevTools - enables AI assistants to inspect and control Firefox browser through the Remote Debugging Protocol

    Community mozilla
    globau

    Firefox DevTools MCP

    Model Context Protocol server for Firefox DevTools - enables AI assistants to inspect and control Firefox browser through the Remote Debugging Protocol

    Community globau