BoostSecurity

BoostSecurity MCP acts as a safeguard preventing agents from adding vulnerable packages into projects. It analyzes every package an AI agent introduces, flags unsafe dependencies, and recommends secure, maintained alternatives to keep projects protected.

View on GitHub →

BoostSecurity MCP: Securing Agentic AI Development Workflows

Powered by BoostSecurity

Description

Agentic AI systems can accelerate software delivery by autonomously suggesting or adding code and dependencies. However, without the right safeguards, they can also introduce significant supply chain risks by pulling in third-party packages that:

Don’t actually exist (hallucinations)
Contain known vulnerabilities, including high or critical severity issues
Are end-of-life and no longer supported
Are associated with malware or malicious activity
Mimic legitimate libraries through typosquatting

BoostSecurity MCP acts as a safeguard for agentic workflows. It analyzes every package an AI agent introduces, flags unsafe dependencies, and recommends secure, maintained alternatives to keep projects protected.

With BoostSecurity MCP, teams can:

Block unsafe or malicious packages before they are introduced
Verify that dependencies are maintained and supported
Receive recommendations for safer alternatives when risks are detected
Reduce package-related risks and strengthen the software supply chain
Confidently adopt agentic AI—supporting innovation and speed without compromising on security

Supported Languagues and Ecosystems

The following languages and package ecosystems are supported in this release:

Python – PyPI
Go – Go Modules
JavaScript/TypeScript – npm
Java – Maven
C# – NuGet

Installation

Requirements

Cursor, Claude Code, Windsurf, VS Code, and other MCP Client

Go to: Settings -> Cursor Settings -> MCP -> Add new global MCP server

See Cursor MCP docs for more info.

Cursor Remote Server Connection

{
  "mcpServers": {
    "boost-security": {
      "url": "https://mcp.boostsecurity.io/mcp",
      "transport": "http"
    }
  }
}

Once configured, under Cursor Settings -> MCP & Integrations, the BoostSecurity MCP tool is enabled for validate_package

Run this command. See Claude Code MCP docs for more info.

Claude Code Remote Server Connection

claude mcp add --scope user --transport http boost-security https://mcp.boostsecurity.io/mcp

To confirm the BoostSecurity MCP server is properly configured, type /mcp within Claude. The BoostSecurity MCP should appear as enabled.

Navigate to Windsurf Settings -> Cascade MCP Servers
Add the BoostSecurity MCP server configuration:

See Windsurf MCP docs for more info.

Windsurf Remote Server Connection

{
  "mcpServers": {
        "boost-security": {
            "serverUrl": "https://mcp.boostsecurity.io/mcp"
        }
    }
}

Alternatively, add the configuration to your Windsurf MCP config file (e.g. ~/.codeium/windsurf/mcp_config.json).

You may need to relaunch Windsurf for the new MCP server configuration to take effect.

Once configured, go to Windsurg Settings -> Manage MCPs, the BoostSecurity MCP connection should appear as enabled with the validate_package tool.

Navigate to View -> Command Palette -> MCP:Open User Configuration
Add the BoostSecurity MCP server configuration:

See VSCode MCP docs for more info.

VSCode Remote Server Connection

{
  "servers": {
    "boost-security": {
      "type": "http",
      "url": "https://mcp.boostsecurity.io/mcp"
    }
  }
}

You may need to relaunch VS Code for the new MCP server configuration to take effect.

Once added, enable the MCP connection by select Start on the MCP configuration.

When enabled, the state changes to Running.

The BoostSecurity MCP server can be used by any MCP-compliant client, as long as the client supports:

Transport type: http
Remote server connection, to: https://mcp.boostsecurity.io/mcp

Refer to your MCP client’s documentation for instructions on configuring remote MCP servers.

Included Tools

BoostSecurity MCP provides the following tools:

validate_package: Validates whether a package is safe to use. If the package is unsafe, a recommended alternative is provided.

For Better Results

The BoostSecurity MCP server provides strong instructions and descriptions during connection initialization, encouraging agents to always validate packages before adding to a project.

To ensure best results, add a rule in your AI agent instructing it to validate packages with BoostSecurity MCP. For example:

Always use the BoostSecurity MCP tool `validate_package` to ensure a package is safe before adding it to a project. 
Use the package versions recommended by BoostSecurity.

Related Servers

AI Develop Assistant

Assists AI developers with requirement clarification, module design, and technical architecture.

Unbundle OpenAPI MCP Server

A server for splitting and extracting parts of OpenAPI specifications using Redocly CLI.

MCP Bridge API

A lightweight, LLM-agnostic RESTful proxy that unifies multiple MCP servers under a single API.

Unified MCP Client Library

A TypeScript library for integrating MCP with tools like LangChain and Zod, providing helpers for schema conversion and event streaming.

MCP Docs Server

Provides direct access to local documentation files through a context.md file in the project root.

ocireg

An SSE-based MCP server that allows LLM-powered applications to interact with OCI registries. It provides tools for retrieving information about container images, listing tags, and more.

Mentor MCP

Provides AI-powered mentorship to LLM agents for tasks like code review, design critique, and brainstorming, using the Deepseek API.

BlenderMCP

Connects Blender to Claude AI via the Model Context Protocol (MCP), enabling direct interaction and control for prompt-assisted 3D modeling, scene creation, and manipulation.

Intervals.icu

Connects to the Intervals.icu API to retrieve activities, events, and wellness data.

MCP Client

A Python client for connecting to Model Context Protocol (MCP) servers, supporting local scripts and npx packages.