RAD Security

Interact with the RAD Security platform which provides AI-powered security insights for Kubernetes and cloud environments.

GitHub

RAD Security MCP Server

A Model Context Protocol (MCP) server for RAD Security, providing AI-powered security insights for Kubernetes and cloud environments.

Installation

npm install @rad-security/mcp-server

Usage

Prerequisites

Node.js 20.x or higher

Environment Variables

The following environment variables are required to use the MCP server with Rad Security:

RAD_SECURITY_ACCESS_KEY_ID="your_access_key"
RAD_SECURITY_SECRET_KEY="your_secret_key"
RAD_SECURITY_ACCOUNT_ID="your_account_id"

Optional environment variables:

RAD_SECURITY_TENANT_ID="your_tenant_id"  # Optional: If not provided, will be fetched automatically from the account

Optional: Filter Toolkits

You can control which toolkits are exposed by the MCP server using these environment variables:

INCLUDE_TOOLKITS: Comma-separated list of toolkits to include (only these will be enabled)
EXCLUDE_TOOLKITS: Comma-separated list of toolkits to exclude (all except these will be enabled)

Available toolkits:

containers - Container inventory operations
clusters - Kubernetes cluster operations
identities - Identity management operations
audit - Audit log operations
cloud_inventory - Cloud resource inventory
images - Container image operations
kubeobject - Kubernetes resource operations
misconfigs - Misconfiguration detection
runtime - Runtime analysis operations
threats - Threat vector operations
findings - Security findings operations
cves - CVE database operations
inbox - Inbox item operations
workflows - Workflow execution operations
knowledge_base - Knowledge base search operations
radql - Query interface for rad data platform

Examples:

# Only enable workflow toolkit
INCLUDE_TOOLKITS="workflows"

# Enable only containers and images toolkits
INCLUDE_TOOLKITS="containers,images"

# Exclude workflow toolkit (enable all others)
EXCLUDE_TOOLKITS="workflows"

# Exclude runtime and threat toolkits
EXCLUDE_TOOLKITS="runtime,threats"

Note: If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored.

Operations Without Authentication

You can also use few operations without authentication:

List CVEs
Get details of a specific CVE
Get latest 30 CVEs
List Kubernetes resource misconfiguration policies

In cursor IDE

It's quite problematic to set ENV variables in cursor IDE.

So, you can use the following start.sh script to start the server.

./start.sh

Please set the ENV variables in the start.sh script first!

In Claude Desktop

You can use the following config to start the server in Claude Desktop.

{
  "mcpServers": {
    "rad-security": {
      "command": "npx",
      "args": ["-y", "@rad-security/mcp-server"],
      "env": {
        "RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
        "RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
        "RAD_SECURITY_ACCOUNT_ID": "<your-account-id>"
      }
    }
  }
}

To filter toolkits, add INCLUDE_TOOLKITS or EXCLUDE_TOOLKITS to the env:

{
  "mcpServers": {
    "rad-security": {
      "command": "npx",
      "args": ["-y", "@rad-security/mcp-server"],
      "env": {
        "RAD_SECURITY_ACCESS_KEY_ID": "<your-access-key-id>",
        "RAD_SECURITY_SECRET_KEY": "<your-secret-key>",
        "RAD_SECURITY_ACCOUNT_ID": "<your-account-id>",
        "EXCLUDE_TOOLKITS": "workflows"
      }
    }
  }

As a Docker Container - with Streamable HTTP

docker build -t rad-security/mcp-server .
docker run \
  -e TRANSPORT_TYPE=streamable \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -p 3000:3000 \
  rad-security/mcp-server

With toolkit filters:

docker run \
  -e TRANSPORT_TYPE=streamable \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -e INCLUDE_TOOLKITS=workflows,containers \
  -p 3000:3000 \
  rad-security/mcp-server

As a Docker Container - with SSE (deprecated)

Note: The SSE transport is now deprecated in favor of Streamable HTTP. It's still supported for backward compatibility, but it's recommended to use Streamable HTTP instead.

docker build -t rad-security/mcp-server .
docker run \
  -e TRANSPORT_TYPE=sse \
  -e RAD_SECURITY_ACCESS_KEY_ID=your_access_key \
  -e RAD_SECURITY_SECRET_KEY=your_secret_key \
  -e RAD_SECURITY_ACCOUNT_ID=your_account_id \
  -p 3000:3000 \
  rad-security/mcp-server

Features

Account Inventory
- List clusters and their details*
Containers Inventory
- List containers and their details*
Security Findings
- List and analyze security findings*
Runtime Security
- Get process trees of running containers*
- Get runtime baselines of running containers*
- Analyze process behavior of running containers*
Network Security
- Monitor HTTP requests*
- Track network connections*
- Analyze network patterns*
Identity and Access
- List identities*
- Get identity details*
Audit
- List who shelled into a pod*
Cloud Security
- List and monitor cloud resources*
- Get resource details and compliance status*
Images
- Get SBOMs*
- List images and their vulnerabilities*
- Get top vulnerable images*
Kubernetes Objects
- Get details of a specific Kubernetes resource*
- List Kubernetes resources*
- List Kubernetes resource misconfiguration policies*
Threat Vector
- List threat vectors*
- Get details of a specific threat vector*
CVEs
- List CVEs
- Get details of a specific CVE
- Get latest 30 CVEs
RadQL (Advanced Querying)
- List available data types for querying (containers, findings, kubernetes_resources, etc.)*
- Get schema/metadata for specific data types*
- List possible values for filter fields*
- Execute RadQL queries with filtering, searching, and aggregations*
- Build queries programmatically from structured conditions*
- Execute multiple queries in parallel*

* - requires authentication and account in Rad Security.

Development

# Install dependencies
npm install

# Run type checking
npm run type-check

# Run linter
npm run lint

# Build
npm run build

License

MIT License - see the LICENSE file for details

Related Servers

Bitrix24

The Bitrix24 MCP Server is designed to connect external systems to Bitrix24. It provides AI agents with standardized access to Bitrix24 features and data via the Model Context Protocol (MCP). The MCP server enables external AI systems to interact with Bitrix24 modules through a single standardized interface. You can connect the Bitrix24 MCP Server to the AI model you already use and manage Bitrix24 directly from it. The MCP server allows actions to be performed and data to be retrieved strictly within the access rights configured in your Bitrix24: the AI agent receives only the information and capabilities that are explicitly requested and authorized. Interaction with the Tasks module is supported (the list of supported modules and available actions is gradually expanding).

Marvel MCP Server

Interact with the Marvel Developer API to access data on characters and comics.

Kaltura MCP Server

A server for performing secure, read-only operations on the Kaltura API.

Coolify MCP Server

An MCP server for integrating with Coolify, the self-hostable alternative to Netlify and Vercel.

Shopify MCP Server

Interact with Shopify store data using the GraphQL API.

Jumpseller

Manage your Jumpseller e-commerce store with AI. Create products with variants, process orders, search customers, and organize your catalog.

Strava MCP Server

A server that connects to the Strava API, allowing language models to access Strava data and features.

Stripe

Interact with Stripe API

MCP Force

Expose Salesforce APIs as tools for AI agents, enabling natural language interaction with Salesforce organizations.

Remote MCP Server (Authless)

An authless remote MCP server deployable on Cloudflare Workers.