Model Context Protocol

Security scanning,
inside your AI coding tool

Connect SiteSecurityScore to Claude Code, Cursor, or any MCP compatible client. Ask your AI to scan a site and get a full security report with specific fixes, without leaving your editor.

Get API Key

How it works

1

Add the connector

Paste one JSON snippet into your MCP client config with your API key.

2

Ask your AI to scan

Type "scan https://myapp.com for security issues" in your coding tool.

3

Get actionable fixes

Receive a security grade, issues by severity, and specific fixes your AI can apply to your code.

Setup

Add the following to your MCP client config, replacing YOUR_API_KEY with a key from your API Keys page.

.mcp.json (project root)
{
  "sitesecurityscore": {
    "type": "http",
    "url": "https://www.sitesecurityscore.com/mcp",
    "headers": {
      "Authorization": "Bearer YOUR_API_KEY"
    }
  }
}

Full walkthrough including VS Code setup and advanced workflows: How to Add a Security Scanner to Claude Code with MCP.

Works with any MCP compatible client that supports HTTP transport.

Example conversation

You

Scan https://myapp.com and tell me what security issues to fix.

Tool call

scan_site({ url: "https://myapp.com" })

Tool result
Security scan: https://myapp.com
Grade: B

PASSING
  DNS / Email Security    SPF strict, DMARC enforced, CAA set
  Clickjacking Protection frame-ancestors: none

NEEDS ATTENTION
  Content Security Policy
    [HIGH]  script-src contains 'unsafe-inline'
            Fix: replace with a per-request nonce

  Transport Security
    [MEDIUM] HSTS max-age is only 3600s
             Fix: increase to max-age=31536000
Assistant

Your site has two issues. Here's how to fix the CSP first: add a nonce to your Express middleware...

Get started

Requires a SiteSecurityScore account. Free tier included. Generate an API key and paste it into your MCP config.

Get API Key API Reference