mcp-server-security-snapshot
MCP server that exposes Website Security Snapshot API as a tool for Claude and other AI agents.
Scan any public URL's HTTP security headers directly from your AI assistant — payment settled automatically on-chain via x402 (0.05 USDC on Base).
Network status: Currently on Base Sepolia testnet. Mainnet (Base) goes live 2026-03-28. Use
"NETWORK": "base-sepolia"for testing before that date; switch to"NETWORK": "base"on 2026-03-28.
Tools Provided
| Tool | Description | Cost |
|---|---|---|
scan_security_headers | Scan a URL's security headers (live, paid) | 0.05 USDC |
demo_security_snapshot | Return a pre-baked example (free) | Free |
scan_security_headers
Checks:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- HTTPS enforcement and redirect chain
- Presence of
security.txt,robots.txt,sitemap.xml
Setup
Requirements
- A wallet with USDC on Base (mainnet) or Base Sepolia (testnet)
- Get testnet USDC free: https://faucet.circle.com
Claude Desktop
Add to claude_desktop_config.json (usually ~/Library/Application Support/Claude/ on macOS, %APPDATA%\Claude\ on Windows):
{
"mcpServers": {
"security-snapshot": {
"command": "npx",
"args": ["-y", "mcp-server-security-snapshot"],
"env": {
"WALLET_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY",
"NETWORK": "base"
}
}
}
}
For testnet (free USDC from faucet):
{
"env": {
"WALLET_PRIVATE_KEY": "0xYOUR_TESTNET_KEY",
"NETWORK": "base-sepolia"
}
}
Run Directly
WALLET_PRIVATE_KEY=0x... NETWORK=base npx mcp-server-security-snapshot
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
WALLET_PRIVATE_KEY | Yes | — | Private key of paying wallet (0x...) |
NETWORK | No | base | base or base-sepolia |
API_BASE_URL | No | https://api.cybersecurity-japan.com | Override API endpoint |
Example Usage in Claude
Once configured, ask Claude:
"Check the security headers on https://example.com"
"Does https://mysite.com have HSTS and CSP enabled?"
"Audit the security hygiene of https://example.com and tell me what's missing"
Claude will call scan_security_headers, pay 0.05 USDC from your wallet, and return the results.
Security Note
Your WALLET_PRIVATE_KEY is used to sign USDC transactions. Use a dedicated wallet with only enough USDC for your intended usage. Do not use your main wallet.
Links
License
MIT