{"id":"cyproxio-mcp-for-security","name":"mcp-for-security","homepage":"https://cyprox.io","repo_url":"https://github.com/cyproxio/mcp-for-security","category":"security","subcategories":[],"tags":["mcp","security","pentesting","reconnaissance","automation","typescript","docker"],"what_it_does":"Provides multiple Model Context Protocol (MCP) server implementations that wrap common security testing tools (e.g., SQLMap, Nmap, FFUF, Nuclei, Masscan, etc.) so they can be invoked via a standardized MCP interface, including a Docker image approach for deployment.","use_cases":["Integrate well-known security scanners and reconnaissance tools into an MCP-based agent workflow","Automate recurring security reconnaissance tasks (subdomain discovery, port scanning, web fuzzing, crawling)","Run vulnerability scanning and security checks (e.g., Nuclei templates, HTTP header security comparisons, SSL/TLS checks) via an AI-driven orchestration layer","Produce consistent tool invocation across different MCP clients using Docker-based deployment"],"not_for":["Production-grade security auditing without appropriate access controls and operator oversight","Environments where running offensive/security scanning tooling is prohibited","Use cases requiring strict compliance guarantees without validated operational security controls"],"best_when":"You want to orchestrate a suite of existing security tools through a uniform MCP interface for reconnaissance/scanning workflows, and you can safely manage the operational risks (target authorization, rate/impact limits, credential handling).","avoid_when":"You need a simple, read-only API for passive monitoring only, or you cannot control where/against what targets the tools run.","alternatives":["Run the underlying tools directly (e.g., Nmap/Nuclei/FFUF/SQLMap) with scripts or workflow managers","Use other security automation frameworks that expose REST/CLI wrappers (without MCP), such as custom orchestration via CI/CD pipelines","Use dedicated vendor platforms for vulnerability scanning and orchestration (where available)"],"af_score":39.0,"security_score":31.8,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:26:32.096018+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"README content provided does not describe any authentication mechanism for the MCP servers themselves. In practice, tool authorization (if any) would likely be handled externally by the MCP client/deployment environment."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Repository is MIT-licensed and appears to be open source; pricing for any hosted service is not described in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":39.0,"security_score":31.8,"reliability_score":25.0,"mcp_server_quality":45.0,"documentation_accuracy":40.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":40.0,"rate_limit_clarity":20.0,"tls_enforcement":50.0,"auth_strength":20.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":30.0,"security_notes":"Primary security risk is operational: the MCP servers wrap offensive/active security tooling that can scan or attack targets. The provided README does not document authentication/authorization controls, scope granularity, secret-handling practices, or safe execution constraints. Deployment via Docker may increase the need for careful environment variable and logging hygiene, and for strict control over allowed targets to prevent misuse.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Underlying security tools may be non-idempotent (e.g., active scanning/fuzzing) and can produce different results across runs","Tool execution can be high-impact; agents should incorporate strict guardrails for targets, timing, and rate/volume","README does not provide standardized MCP error-handling, retry, or idempotency guidance across tools"]}}