vigile-mcp

Security scanner for MCP servers and agent skills — query trust scores, check for vulnerabilities, and search the Vigile trust registry

GitHub

vigile-mcp

MCP server for Vigile AI Security — query trust scores for MCP servers and agent skills directly from your AI coding assistant.

Works with Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and any MCP-compatible client.

Installation

Claude Desktop

Add to your Claude Desktop config file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Claude Code

claude mcp add --transport stdio vigile --scope user -- npx -y vigile-mcp

Or add to your project's .mcp.json:

{
  "vigile": {
    "command": "npx",
    "args": ["-y", "vigile-mcp"]
  }
}

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

VS Code (Copilot)

Add to .vscode/mcp.json in your project:

{
  "servers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Global Install (Alternative)

npm install -g vigile-mcp

Then replace "command": "npx", "args": ["-y", "vigile-mcp"] with "command": "vigile-mcp" in any config above.

What It Does

Vigile scans and scores MCP servers and agent skills for security issues like tool poisoning, data exfiltration, prompt injection, and supply chain attacks. This MCP server brings those trust scores into your AI workflow — so your coding assistant can check whether a tool is safe before using it.

Covers servers from npm, Smithery, PyPI, and other registries, plus agent skills from Claude Code, Cursor, OpenClaw/ClawHub, and more.

Tools

Tool	Description
`vigile_check_server`	Look up trust score for an MCP server by name or package
`vigile_check_skill`	Look up trust score for an agent skill (claude.md, .cursorrules, OpenClaw skills, etc.)
`vigile_scan_content`	Scan raw content from a claude.md, .cursorrules, skill.md, or similar file for security issues
`vigile_search`	Search the Vigile trust registry by keyword
`vigile_verify_location`	Verify whether a skill uses location data safely and check for location-based attack patterns

Example Usage

Once installed, your AI assistant can use these tools naturally:

"Check if @anthropic/mcp-server-filesystem is safe" "Scan this claude.md file for security issues" "Search for database MCP servers and show me their trust scores"

Trust Scores

Vigile rates every server and skill on a 0-100 scale:

Score	Level	Meaning
80-100	Trusted	No significant issues found
60-79	Caution	Minor issues, review recommended
40-59	Risky	Notable security concerns
0-39	Dangerous	Critical issues, do not use

Authentication

By default, vigile-mcp uses the public Vigile registry (rate-limited). For higher limits, set your API key:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"],
      "env": {
        "VIGILE_API_KEY": "vgl_your_key_here"
      }
    }
  }
}

Get an API key at vigile.dev.

Rate Limits

Tier	Scans/min	Monthly Quota
Free (no key)	10	50
Pro ($30/mo)	60	1,000
Pro+ ($100/mo)	300	5,000

Registry lookups (vigile_check_server, vigile_check_skill, vigile_search) do not count against your scan quota. Only vigile_scan_content consumes scans.

Requirements

Node.js 18+
An MCP-compatible client

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. Vigile AI Security provides security scanning and trust scoring as informational tools only. Trust scores, scan results, and security assessments are based on automated analysis and should not be considered definitive security guarantees.

Vigile does not guarantee the detection of all security threats, vulnerabilities, or malicious behavior. Users are solely responsible for their own security decisions and should use Vigile as one component of a comprehensive security strategy.

By using this software, you agree to the Vigile Terms of Service.

License

MIT

Servidores relacionados

Scout Monitoring MCP

patrocinador

Put performance and error data directly in the hands of your AI assistant.

Alpha Vantage MCP Server

patrocinador

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

AGS MCP Server

Manipulate Adventure Game Studio (AGS) compiled room (.crm) files to enable AI-powered game development.

Image Generation

Generate images from text using the Stable Diffusion WebUI API (ForgeUI/AUTOMATIC-1111).

Project Zomboid MCP Server

An AI-powered MCP server for Project Zomboid mod development, offering script validation, generation, and contextual assistance.

AIR Blackbox

EU AI Act compliance scanner for Python AI agents — 10 tools for scanning, analysis, and remediation

mcp-sync

Sync MCP server configurations across various AI coding tools.

Cloudflare MCP Server Example

A template for deploying a remote MCP server on Cloudflare Workers without authentication.

Cedardiff

Edit files using CEDARScript, a SQL-like language for code manipulation.

ChemMCP

A collection of 19 professional tools for chemical molecular processing based on the Model Context Protocol (MCP).

CopyTuner Client

Manage Rails i18n translations with CopyTuner. Search, update, and create translation keys.

Interactive Feedback MCP

Provides interactive user feedback and command execution for AI-assisted development.