mcp-server-security-snapshot
An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.
What it checks:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- HTTPS enforcement and redirect chain depth
- Presence of security.txt, robots.txt, sitemap.xml
Payment model:
- 0.05 USDC per scan, paid automatically on Base via the x402 proto
README
mcp-server-security-snapshot
MCP server that exposes Website Security Snapshot API as a tool for Claude and other AI agents.
Scan any public URL's HTTP security headers directly from your AI assistant — payment settled automatically on-chain via x402 (0.05 USDC on Base).
Network status: Currently on Base Sepolia testnet. Mainnet (Base) goes live 2026-03-28. Use "NETWORK": "base-sepolia" for testing before that date; switch to "NETWORK": "base" on 2026-03-28.
Tools Provided
| Tool | Description | Cost |
|---|---|---|
| scan_security_headers | Scan a URL's security headers (live, paid) | 0.05 USDC |
| demo_security_snapshot | Return a pre-baked example (free) | Free |
scan_security_headers
Checks:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
- HTTPS enforcement and redirect chain
- Presence of security.txt, robots.txt, sitemap.xml
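As an added illustration (not this server's or the API's own code), the six header checks listed above could be graded like this in JavaScript. The function name, the missing/weak statuses and the thresholds, such as a one-year HSTS max-age, are assumptions.

```javascript
// Added example: grade response headers against the six checks listed above.
// Statuses and thresholds (e.g. one-year HSTS max-age) are assumptions.
function auditSecurityHeaders(rawHeaders) {
  const h = {}; // header names are case-insensitive, so normalise first
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const flag = (header, status, detail) => findings.push({ header, status, detail });

  const hsts = h['strict-transport-security'];
  const maxAge = Number((/max-age\s*=\s*"?(\d+)/i.exec(hsts || '') || [])[1]);
  if (!hsts) flag('strict-transport-security', 'missing', 'no HSTS policy');
  else if (!(maxAge >= 31536000)) flag('strict-transport-security', 'weak', 'max-age absent or under one year');

  const csp = h['content-security-policy'];
  // Coarse heuristic: any unsafe-inline/unsafe-eval keyword counts as weak.
  if (!csp) flag('content-security-policy', 'missing', 'no CSP');
  else if (/'unsafe-inline'|'unsafe-eval'/i.test(csp)) flag('content-security-policy', 'weak', 'allows unsafe-inline or unsafe-eval');

  // Framing can be controlled by X-Frame-Options or by CSP frame-ancestors.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const hasAncestors = /(^|;)\s*frame-ancestors\s/i.test(csp || '');
  if (!xfo && !hasAncestors) flag('x-frame-options', 'missing', 'no framing control');
  else if (xfo && xfo !== 'DENY' && xfo !== 'SAMEORIGIN') flag('x-frame-options', 'weak', 'obsolete or unrecognised value');

  const xcto = h['x-content-type-options'];
  if (!xcto) flag('x-content-type-options', 'missing', 'MIME sniffing not disabled');
  else if (xcto.toLowerCase() !== 'nosniff') flag('x-content-type-options', 'weak', 'value is not nosniff');

  const rp = h['referrer-policy'];
  // In a comma-separated list the last recognised value is the one applied.
  if (!rp) flag('referrer-policy', 'missing', 'browser default applies');
  else if (/(^|,)\s*unsafe-url\s*$/i.test(rp)) flag('referrer-policy', 'weak', 'unsafe-url sends full URLs cross-origin');

  if (!h['permissions-policy']) flag('permissions-policy', 'missing', 'no feature restrictions');
  return findings;
}

// Constructed sample response headers (not captured from a real site).
const sampleHeaders = {
  'Strict-Transport-Security': 'max-age=86400',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'no-referrer, unsafe-url',
};
console.log(auditSecurityHeaders(sampleHeaders));
```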
Setup
Requirements
- A wallet with USDC on Base (mainnet) or Base Sepolia (testnet)
- Get testnet USDC free: https://faucet.circle.com
Claude Desktop
Add to claude_desktop_config.json (usually ~/Library/Application Support/Claude/ on macOS, %APPDATA%\Claude\ on Windows):
```json
{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": ["-y", "mcp-server-security-snapshot"],
      "env": {
        "WALLET_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY",
        "NETWORK": "base"
      }
    }
  }
}
```
For testnet (free USDC from faucet):
```json
{
  "env": {
    "WALLET_PRIVATE_KEY": "0xYOUR_TESTNET_KEY",
    "NETWORK": "base-sepolia"
  }
}
```
Run Directly
```bash
WALLET_PRIVATE_KEY=0x... NETWORK=base npx mcp-server-security-snapshot
```
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
| WALLET_PRIVATE_KEY | Yes | — | Private key of paying wallet (0x...) |
| NETWORK | No | base | base or base-sepolia |
| API_BASE_URL | No | https://api.cybersecurity-japan.com | Override API endpoint |
Example Usage in Claude
Once configured, ask Claude:
"Check the security headers on https://example.com"
"Does https://mysite.com have HSTS and CSP enabled?"
"Audit the security hygiene of https://example.com and tell me what's missing"
Claude will call scan_security_headers, pay 0.05 USDC from your wallet, and return the results.
Security Note
Your WALLET_PRIVATE_KEY is used to sign USDC transactions. Use a dedicated wallet with only enough USDC for your intended usage. Do not use your main wallet.
License
MIT