vigile-mcp

Security scanner for MCP servers and agent skills — query trust scores, check for vulnerabilities, and search the Vigile trust registry

GitHub

vigile-mcp

MCP server for Vigile AI Security — query trust scores for MCP servers and agent skills directly from your AI coding assistant.

Works with Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and any MCP-compatible client.

Installation

Claude Desktop

Add to your Claude Desktop config file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Claude Code

claude mcp add --transport stdio vigile --scope user -- npx -y vigile-mcp

Or add to your project's .mcp.json:

{
  "vigile": {
    "command": "npx",
    "args": ["-y", "vigile-mcp"]
  }
}

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

VS Code (Copilot)

Add to .vscode/mcp.json in your project:

{
  "servers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Global Install (Alternative)

npm install -g vigile-mcp

Then replace "command": "npx", "args": ["-y", "vigile-mcp"] with "command": "vigile-mcp" in any config above.

What It Does

Vigile scans and scores MCP servers and agent skills for security issues like tool poisoning, data exfiltration, prompt injection, and supply chain attacks. This MCP server brings those trust scores into your AI workflow — so your coding assistant can check whether a tool is safe before using it.

Covers servers from npm, Smithery, PyPI, and other registries, plus agent skills from Claude Code, Cursor, OpenClaw/ClawHub, and more.

Tools

Tool	Description
`vigile_check_server`	Look up trust score for an MCP server by name or package
`vigile_check_skill`	Look up trust score for an agent skill (claude.md, .cursorrules, OpenClaw skills, etc.)
`vigile_scan_content`	Scan raw content from a claude.md, .cursorrules, skill.md, or similar file for security issues
`vigile_search`	Search the Vigile trust registry by keyword
`vigile_verify_location`	Verify whether a skill uses location data safely and check for location-based attack patterns

Example Usage

Once installed, your AI assistant can use these tools naturally:

"Check if @anthropic/mcp-server-filesystem is safe" "Scan this claude.md file for security issues" "Search for database MCP servers and show me their trust scores"

Trust Scores

Vigile rates every server and skill on a 0-100 scale:

Score	Level	Meaning
80-100	Trusted	No significant issues found
60-79	Caution	Minor issues, review recommended
40-59	Risky	Notable security concerns
0-39	Dangerous	Critical issues, do not use

Authentication

By default, vigile-mcp uses the public Vigile registry (rate-limited). For higher limits, set your API key:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"],
      "env": {
        "VIGILE_API_KEY": "vgl_your_key_here"
      }
    }
  }
}

Get an API key at vigile.dev.

Rate Limits

Tier	Scans/min	Monthly Quota
Free (no key)	10	50
Pro ($30/mo)	60	1,000
Pro+ ($100/mo)	300	5,000

Registry lookups (vigile_check_server, vigile_check_skill, vigile_search) do not count against your scan quota. Only vigile_scan_content consumes scans.

Requirements

Node.js 18+
An MCP-compatible client

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. Vigile AI Security provides security scanning and trust scoring as informational tools only. Trust scores, scan results, and security assessments are based on automated analysis and should not be considered definitive security guarantees.

Vigile does not guarantee the detection of all security threats, vulnerabilities, or malicious behavior. Users are solely responsible for their own security decisions and should use Vigile as one component of a comprehensive security strategy.

By using this software, you agree to the Vigile Terms of Service.

License

MIT

Máy chủ liên quan

Scout Monitoring MCP

nhà tài trợ

Put performance and error data directly in the hands of your AI assistant.

Alpha Vantage MCP Server

nhà tài trợ

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Blender MCP Senpai

An AI-assisted mentor for Blender that detects topology issues and offers real-time improvement suggestions.

amCharts 5 MCP Server

MCP server that gives AI assistants on-demand access to 1,500+ amCharts docs, ~300 code examples, and 1000+ class API references.

Chronulus AI

Predict anything with Chronulus AI forecasting and prediction agents.

Remote MCP Server (Authless)

A template for deploying a remote MCP server on Cloudflare Workers without authentication.

Vibetest Use

A browser-agent QA swarm with an MCP interface for testing AI-generated websites.

Process Manager MCP

Manage long-running bash processes and persist their logs.

MCP Server AI extension

Provides AI extension capabilities via the Model Context Protocol.

Moralis Web3 API

Interact with the Moralis Web3 API to access blockchain data across multiple networks through a structured interface.

Svelte MCP

Official Svelte MCP server, provides docs and suggestions on the generated code.

MCPwner

Automated Security Vulnerabilities Pentesting