SSC MCP Server
MCP server for SecurityScorecard, with hybrid semantic search over all 628 API endpoints.
Documentation
SSC MCP Server
A community-built, comprehensive Model Context Protocol (MCP) server for Claude Desktop that integrates with the SecurityScorecard API.
Published on npm as
@callmarcus/securityscorecard-mcpand listed in the MCP Registry asio.github.CallMarcus/securityscorecard-mcp.
Disclaimer: This is an independent, community-built open-source project. It is not affiliated with, endorsed by, sponsored by, or associated with SecurityScorecard, Inc. in any way. It is built solely against SecurityScorecard's publicly available API documentation. "SecurityScorecard" and all related names, marks, and logos are trademarks of SecurityScorecard, Inc. and are used here for identification purposes only. You must supply your own API credentials and comply with SecurityScorecard's terms of service.
Quick Start
Prerequisites
- Node.js 18+ - Download
- SecurityScorecard API Token - Get from your SecurityScorecard dashboard
Option A — Install from npm (recommended)
No clone or build required. Point Claude Desktop at the published package with npx.
Edit your claude_desktop_config.json:
- Windows:
%APPDATA%\Claude\claude_desktop_config.json - macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"security-scorecard": {
"command": "npx",
"args": ["-y", "@callmarcus/securityscorecard-mcp"],
"env": {
"SECURITY_SCORECARD_API_TOKEN": "your-api-token-here",
"COMPANY_DOMAIN": "example.com"
}
}
}
}
npx -y fetches and runs the latest published version automatically. Replace the credentials with your own, then restart Claude Desktop.
Option B — Run from source (for development)
# Clone the repository
git clone https://github.com/CallMarcus/security-scorecard-mcp.git
cd security-scorecard-mcp
# Install dependencies
npm install
# Build (use build:fast to avoid memory issues)
npm run build:fast
Then point Claude Desktop at your local build:
{
"mcpServers": {
"security-scorecard": {
"command": "node",
"args": ["/path/to/security-scorecard-mcp/build/index.js"],
"env": {
"SECURITY_SCORECARD_API_TOKEN": "your-api-token-here",
"COMPANY_DOMAIN": "example.com"
}
}
}
}
Important: Replace the path and credentials with your actual values, then restart Claude Desktop.
Available Tools
The server (index.js) provides 9 specialized tools optimized for Claude Desktop:
| Tool | Purpose |
|---|---|
security_dashboard | Score, grade, and key security metrics |
analyze_security_risks | Issue prioritization and risk analysis |
create_improvement_plan | Actionable remediation roadmaps |
discover_assets | Asset inventory with security context |
analyze_email_security | SPF/DMARC/DKIM analysis |
api_discovery | Search 628+ API endpoints with hybrid semantic/keyword search |
analyze_issue_types | Granular issue type breakdowns |
validate_data_completeness | Cross-tool data verification |
query_security_data | Direct API access with discovery |
Response Modes
Each tool supports three response modes for token efficiency:
- minimal - Quick answers (15-50 tokens)
- standard - Overview with context (200-300 tokens)
- detailed - Comprehensive analysis (800+ tokens)
Environment Variables
| Variable | Required | Description |
|---|---|---|
SECURITY_SCORECARD_API_TOKEN | Yes | Your API token |
COMPANY_DOMAIN | No | Default domain for queries |
DEBUG_MODE | No | Set true for verbose logging |
Optional rate limiting and caching:
REQUEST_CACHE_TTL_MS=300000
REQUESTS_PER_INTERVAL=5
REQUEST_INTERVAL_MS=1000
API Discovery
The server includes hybrid search (semantic + keyword) for finding SecurityScorecard API endpoints:
Use api_discovery to search for "email security"
This searches 628 indexed endpoints and returns matching paths with confidence scores, required parameters, and curl examples.
To update the API reference after changes:
npm run api:embed # Regenerate semantic embeddings
npm run api:update # Regenerate docs + embeddings
Development
Build Commands
npm run build:fast # Recommended - uses esbuild (~130ms)
npm run build # TypeScript compiler (may OOM on some systems)
npm test # Run tests
Project Structure
src/
index.ts # MCP server (9 tools)
api/client.ts # SecurityScorecard API client
integration/ # API discovery system
docs/api/ # Self-contained API reference
index.jsonl # Endpoint index (628 endpoints)
index-embeddings.json # Semantic search embeddings
build/ # Compiled JavaScript
Testing
npm test # Run test suite
Troubleshooting
Build fails with out of memory
Use the fast build instead:
npm run build:fast
"Cannot find module" errors
Reinstall dependencies:
rm -rf node_modules
npm install
npm run build:fast
Claude Desktop doesn't see the MCP
- Check the config path:
%APPDATA%\Claude\claude_desktop_config.json - Verify the path to
index.jsis correct - Restart Claude Desktop completely
API returns 401 Unauthorized
Your API token is invalid or expired. Get a new one from SecurityScorecard dashboard.
License
MIT