{"id":"slashben-kubescape-mcp-server","name":"kubescape-mcp-server","homepage":null,"repo_url":"https://github.com/slashben/kubescape-mcp-server","category":"security","subcategories":[],"tags":["kubernetes","vulnerability-management","mcp","go","kubescape","security"],"what_it_does":"Kubescape MCP Server is a middleware that exposes Kubescape Kubernetes vulnerability manifests and related querying capabilities via the Mark3 Labs MCP protocol over stdio. It supports listing vulnerability manifests for image/workload levels, listing vulnerabilities in a manifest, and listing vulnerability matches for a specific CVE, also exposing manifest data through MCP resource templates.","use_cases":["Agent-assisted discovery of available Kubernetes vulnerability manifests (image/workload scopes)","Querying vulnerability details from Kubescape manifests via MCP tools","Finding all matches for a specific CVE within a manifest","Building automated workflows that inspect cluster vulnerability exposure using MCP-compatible agents"],"not_for":["Public internet-facing API use without strong operational controls","Use as a general-purpose Kubernetes vulnerability scanner replacement without understanding Kubescape storage/API expectations","Workloads requiring fine-grained authorization and multi-tenant isolation at the tool level (not evidenced in docs)"],"best_when":"Used in controlled environments where an MCP-capable agent runs with access to a Kubernetes cluster (via kubeconfig) and Kubescape storage APIs to retrieve vulnerability manifests.","avoid_when":"Avoid deploying as-is in untrusted or multi-tenant settings where tool inputs could be abused, since the README does not describe authZ/authN controls, input validation, or output filtering.","alternatives":["Run Kubescape directly (CLI/UI) and integrate via its existing interfaces (if available)","Use Kubescape APIs/SDKs (if provided by Kubescape) instead of an MCP shim","Implement an internal MCP server that wraps Kubescape APIs with your own authZ and rate limiting"],"af_score":36.2,"security_score":29.8,"reliability_score":20.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:21:39.342966+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Implicit Kubernetes credentials via kubeconfig/context (as described)"],"oauth":false,"scopes":false,"notes":"README only states the server requires access to the Kubernetes cluster and expects appropriate kubeconfig/context. No MCP-level authentication method, token auth, or per-tool scope model is described."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided; repository appears to be a source project."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":36.2,"security_score":29.8,"reliability_score":20.0,"mcp_server_quality":45.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":40.0,"rate_limit_clarity":0.0,"tls_enforcement":20.0,"auth_strength":25.0,"scope_granularity":10.0,"dependency_hygiene":50.0,"secret_handling":50.0,"security_notes":"Traffic is via stdio (not network TLS). Authentication/authorization is not described beyond requiring kubeconfig/context; no MCP-level authN/authZ, scopes, or input/output constraints are documented. As a vulnerability-data interface, strict operational controls are recommended (least-privilege kubeconfig, process isolation, logging hygiene), but the README provides no details to verify these.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Server communicates via stdio MCP; agents must be able to spawn and interact with the process correctly.","Tool behavior depends on accessible kubeconfig/context and availability of Kubescape storage API; failures may appear as tool errors but are not documented.","No documented pagination/limits for listing tools; agents may need to handle large manifest/vulnerability result sets."]}}