@audit-core/mcp-server

v1.0.0

Published

MCP server for AuditCore — run security scans, fetch findings, and generate AI-powered fixes from your IDE (Claude Desktop, Claude Code, Cursor, Continue.dev, Cline).

Model Context Protocol server for AuditCore — run automated security scans, fetch vulnerability findings, and generate AI-powered fix code from inside Claude Desktop, Claude Code, Cursor, Continue.dev, Cline, or any MCP-compatible client.

AuditCore is an automated security + SEO + AI-readiness audit platform — 50+ open-source pentest tools (OWASP ZAP, Nuclei, sqlmap, BOLA/BFLA, gitleaks, Semgrep, MobSF) plus an AI-agent prompt-injection scanner and a 60+ check SEO auditor. One-time payment per site, unlimited rescans.

Quick start

1. Get an API key (optional but recommended)

Free-tier scans run anonymously. For paid tiers (Basic / Pro / Enterprise), AI fix generation, and access to your own scan history, get an API key:

→ https://audit-core.tech/dashboard/settings → API Keys → Create

Keys are prefixed ac_live_.

2. Add to your MCP client

Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "auditcore": {
      "command": "npx",
      "args": ["-y", "@audit-core/mcp-server"],
      "env": {
        "AUDITCORE_API_KEY": "ac_live_YOUR_KEY_HERE"
      }
    }
  }
}

Claude Code (~/.config/claude/mcp.json):

{
  "mcpServers": {
    "auditcore": {
      "command": "npx",
      "args": ["-y", "@audit-core/mcp-server"],
      "env": {
        "AUDITCORE_API_KEY": "ac_live_YOUR_KEY_HERE"
      }
    }
  }
}

Cursor (.cursor/mcp.json in your repo root):

{
  "mcpServers": {
    "auditcore": {
      "command": "npx",
      "args": ["-y", "@audit-core/mcp-server"],
      "env": {
        "AUDITCORE_API_KEY": "ac_live_YOUR_KEY_HERE"
      }
    }
  }
}

Continue.dev (.continue/config.json):

{
  "experimental": {
    "modelContextProtocolServers": [{
      "transport": {
        "type": "stdio",
        "command": "npx",
        "args": ["-y", "@audit-core/mcp-server"],
        "env": {
          "AUDITCORE_API_KEY": "ac_live_YOUR_KEY_HERE"
        }
      }
    }]
  }
}

Cline (VS Code) — settings → MCP Servers → Add:

{
  "auditcore": {
    "command": "npx",
    "args": ["-y", "@audit-core/mcp-server"],
    "env": { "AUDITCORE_API_KEY": "ac_live_YOUR_KEY_HERE" }
  }
}

Restart your MCP client. You should see "auditcore" with 5 tools in the MCP server list.

Available tools

| Tool | Auth | What it does |
|---|---|---|
| auditcore_start_scan | optional | Start a scan on a URL. Free tier runs without auth (1-page SEO + AI-readiness + security headers). |
| auditcore_scan_status | none | Poll progress + current phase/tool + partial findings summary. |
| auditcore_scan_results | none | Fetch findings (severity, CVSS, CWE, affected URL, description, fix hint). |
| auditcore_generate_fix | required | AI-generated fix code for a specific vulnerability. Language auto-detected from scan target's tech stack. |
| auditcore_list_my_scans | required | List your account's scans. Filter by status. |

Example prompts

After installation, try these in your IDE:

  • "Scan https://example.com with AuditCore" → starts a free scan
  • "What's the status of scan abc-123-def?" → polls progress
  • "Show me the critical findings" → fetches results
  • "Generate a fix for the SQL injection finding" → AI fix code
  • "List my recent scans" → your account history

How it works

┌─────────────────┐    stdio       ┌──────────────────┐    HTTPS    ┌─────────────────┐
│ Claude / Cursor │ ─── MCP ──▶   │ @audit-core/mcp- │ ─── REST ──▶│  audit-core.tech│
│  (LLM client)   │ ◀──────────── │     server       │ ◀────────── │   FastAPI       │
└─────────────────┘   JSON-RPC    └──────────────────┘    JSON     └─────────────────┘
                                  Reads AUDITCORE_API_KEY
                                  from env, adds as Bearer
                                  to authenticated calls.

Configuration

| Env var | Required | Default | Description |
|---|---|---|---|
| AUDITCORE_API_KEY | for paid tools | — | Your ac_live_* API key. Required for auditcore_generate_fix and auditcore_list_my_scans. Optional for public tools. |
| AUDITCORE_API_URL | no | https://audit-core.tech | Override for self-hosted AuditCore deployments or staging. |
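The client configs in the quick start and the two environment variables above can be checked statically before they are shared with a team. The sketch below is an added example, not AuditCore code: it flags an `npx` package spec with no exact version, a real-looking `ac_live_` key in a file that lives inside a repository (as `.cursor/mcp.json` does), and an `AUDITCORE_API_URL` override that would send the Bearer key over something other than HTTPS. The function names, the `inRepo` option and the finding labels are assumptions made for the example.

```javascript
const PLACEHOLDER = 'ac_live_YOUR_KEY_HERE'; // the README's dummy value

// Normalise the config shapes shown on this page into one list of servers.
function collectServers(cfg) {
  const out = [];
  const push = (name, s) => {
    if (!s || typeof s !== 'object' || typeof s.command !== 'string') return;
    out.push({ name, command: s.command, args: Array.isArray(s.args) ? s.args : [], env: s.env || {} });
  };
  // Claude Desktop / Claude Code / Cursor: { mcpServers: { <name>: {...} } }
  for (const [n, s] of Object.entries(cfg.mcpServers || {})) push(n, s);
  // Continue.dev: { experimental: { modelContextProtocolServers: [{ transport }] } }
  const cont = (cfg.experimental || {}).modelContextProtocolServers || [];
  cont.forEach((e, i) => push(`continue[${i}]`, e && e.transport));
  // Cline: { <name>: {...} } at the top level (the wrapper keys above have no "command")
  for (const [n, s] of Object.entries(cfg)) push(n, s);
  return out;
}

// True when an npm spec ends in an exact x.y.z version, e.g. @scope/name@1.0.0
function isPinned(spec) {
  const at = spec.lastIndexOf('@');
  return at > 0 && /^\d+\.\d+\.\d+$/.test(spec.slice(at + 1));
}

// inRepo (caller-supplied, hypothetical option): the file lives inside a git work tree.
function auditMcpConfig(cfg, { inRepo = false } = {}) {
  const findings = [];
  for (const s of collectServers(cfg)) {
    const spec = s.command === 'npx' && s.args.find((a) => typeof a === 'string' && !a.startsWith('-'));
    if (spec && !isPinned(spec)) findings.push(`${s.name}: unpinned-package ${spec}`);
    const key = s.env.AUDITCORE_API_KEY;
    if (inRepo && typeof key === 'string' && key.startsWith('ac_live_') && key !== PLACEHOLDER) {
      findings.push(`${s.name}: key-in-repo-file`);
    }
    const url = s.env.AUDITCORE_API_URL;
    if (typeof url === 'string' && !url.startsWith('https://')) {
      findings.push(`${s.name}: bearer-over-non-https ${url}`);
    }
  }
  return findings;
}

// Constructed sample: a Cursor-style .cursor/mcp.json with a made-up key and URL.
const SAMPLE = { mcpServers: { auditcore: {
  command: 'npx', args: ['-y', '@audit-core/mcp-server'],
  env: { AUDITCORE_API_KEY: 'ac_live_constructed_example', AUDITCORE_API_URL: 'http://staging.example' },
} } };
console.log(auditMcpConfig(SAMPLE, { inRepo: true }));
```

An exact version in the package spec (for example the `1.0.0` shown on this page) clears the first finding; the URL check is deliberately strict and will also flag a plain-HTTP loopback address used for local testing.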

Tiers + quotas

| Tier | Price | Page limit | Scanners | AI fixes/day |
|---|---|---|---|---|
| Free | $0 | 1 | SEO + AI-readiness + security headers | 0 |
| Basic | $99 | 25 | + SSL/TLS, CORS, nmap, DMARC, headers, cookies | 10 |
| Pro | $299 | 100 | + ZAP, Nuclei, Nikto, JWT, subdomain enum | 50 |
| Enterprise | $499 | 500 | Full pentest suite + BOLA/BFLA + sqlmap + SSRF + mobile binary + AI prompt-injection | 200 |

Per-domain license — pay once, rescan unlimited.

Building from source

git clone https://github.com/auditcore-tech/scanner.git
cd scanner/mcp-server
npm install
npm run build
node dist/index.js  # smoke test — should log "5 tools registered"

Use with ChatGPT (Custom GPT Actions)

ChatGPT doesn't speak MCP natively, but you can wire AuditCore in as a Custom GPT via OpenAPI Actions:

  1. chatgpt.com → "Create a GPT" (requires ChatGPT Plus)
  2. Configure → Actions → Import from URL: https://audit-core.tech/api/v1/openapi.json
  3. Authentication → API Key:
    • Type: API Key
    • Auth Type: Bearer
    • Value: your ac_live_* key
  4. Test with a prompt like "Scan https://example.com for vulnerabilities"

Each user creates their own private GPT with their own key — no shared credentials. The OpenAPI spec at /api/v1/openapi.json exposes all 51 endpoints; you can scope the GPT to a subset by editing the imported schema.
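One way to do the schema scoping described above, as an added example (not AuditCore code): keep only an allow-list of operations from the downloaded OpenAPI document and drop the component schemas that nothing kept still references, so the GPT can only call what it needs. The paths and schema names in the sample are made up for illustration; a real allow-list would name operations from the actual openapi.json.

```javascript
const METHODS = ['get', 'put', 'post', 'delete', 'patch', 'head', 'options', 'trace'];
// Collect every "#/components/schemas/<name>" $ref found anywhere under `node`.
function collectRefs(node, found = new Set()) {
  if (!node || typeof node !== 'object') return found;
  for (const [k, v] of Object.entries(node)) {
    const m = k === '$ref' && typeof v === 'string' && /^#\/components\/schemas\/(.+)$/.exec(v);
    if (m) found.add(m[1]);
    else collectRefs(v, found);
  }
  return found;
}

// allow: "METHOD /path" strings naming the only operations the GPT may call.
function scopeOpenApi(spec, allow) {
  const allowed = new Set(allow.map((a) => a.trim().replace(/^(\S+)\s+/, (_, m) => `${m.toLowerCase()} `)));
  const paths = {};
  for (const [p, item] of Object.entries(spec.paths || {})) {
    const kept = {};
    for (const [k, v] of Object.entries(item)) {
      // Keep path-level fields (parameters, summary) and allow-listed operations only.
      if (!METHODS.includes(k) || allowed.has(`${k} ${p}`)) kept[k] = v;
    }
    if (METHODS.some((m) => m in kept)) paths[p] = kept;
  }
  // Follow $refs transitively so schemas used only by dropped operations disappear.
  const all = (spec.components || {}).schemas || {};
  const keep = new Set(), queue = [...collectRefs(paths)];
  while (queue.length) {
    const name = queue.pop();
    if (keep.has(name) || !(name in all)) continue;
    keep.add(name);
    queue.push(...collectRefs(all[name]));
  }
  const schemas = Object.fromEntries(Object.entries(all).filter(([n]) => keep.has(n)));
  return { ...spec, paths, components: { ...spec.components, schemas } };
}

// Constructed sample; paths and schema names are made up, not AuditCore's.
const ref = (n) => ({ $ref: `#/components/schemas/${n}` });
const json = (n) => ({ content: { 'application/json': { schema: ref(n) } } });
const SAMPLE = {
  paths: {
    '/scans': { post: { requestBody: json('ScanRequest') }, delete: { responses: { 200: json('Ack') } } },
    '/billing': { post: { requestBody: json('Payment') } },
  },
  components: { securitySchemes: { bearer: { type: 'http', scheme: 'bearer' } },
    schemas: { ScanRequest: { properties: { opts: ref('ScanOptions') } }, ScanOptions: {}, Ack: {}, Payment: {} } },
};
console.log(Object.keys(scopeOpenApi(SAMPLE, ['POST /scans']).components.schemas));
```

Only `$ref`s into `components/schemas` are pruned here; other component kinds, including `securitySchemes`, are carried over unchanged.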

Issues + feedback

  • Bug reports: https://audit-core.tech/contact
  • Source: https://github.com/auditcore-tech/scanner (mcp-server/)
  • Status: https://audit-core.tech (live status banner)

License

MIT — see LICENSE.