mcp: agent integration

One line: run the Labs checks inside the agent's own loop, so vetting happens at the moment of suggestion, not after.

vulkro-live mcp is a Model Context Protocol server over stdio (JSON-RPC 2.0). Point any MCP client at it and the agent can vet a package before installing it, or scan a manifest before trusting it, without leaving the conversation.

Setup

```json
{
  "mcpServers": {
    "vulkro-live": { "command": "vulkro-live", "args": ["mcp"] }
  }
}
```

That config works in Claude Code (.mcp.json), Claude Desktop, Cursor, and any other MCP client.

The tools it exposes

| Tool | What the agent gets |
| --- | --- |
| verify | Check packages (name or name@version, npm / pypi / crates) for the full verdict ladder before install |
| warden | Scan an MCP tool manifest (JSON text or a file path) for poisoning and risky tools |
| inspect | One GREEN / REVIEW / AVOID verdict for an MCP server, by package name or install command |
| scan_content | Scan a block of untrusted content (a fetched page, a tool result, an issue body) for prompt-injection and hidden-unicode smuggling before acting on it. Stateless, zero-network, local |
| scan_repo | Deep-scan the repository for vulnerabilities in your own code. Depth-locked: see below |

The depth-locked handoff

scan_repo is where the free surface ends and the paid engine begins. When the paid vulkro binary is on PATH, the tool runs vulkro scan --format sarif on the requested directory and returns the SARIF. When it is not installed, the tool returns a structured pointer explaining how to get it. The free server holds no detector logic; the delegation is a process spawn, not a code dependency.

This is the boundary stated plainly: Labs vets what enters your project; the Vulkro engine analyzes the code you ship.

Claude Code skills and plugin

The vulkro-labs repo also ships agent-side packaging:

  • skills/ contains a Claude Code skill per command (verify, warden, foresee, inspect, audit, skillscan, memcheck, trustdb, drift, cardcheck), so the agent knows when and how to run each check.
  • .claude-plugin/plugin.json is a plugin manifest that registers the vulkro-live MCP server, so one plugin install wires up the tools.

Flags

vulkro-live mcp takes no flags. It speaks MCP over stdio until the client closes the stream. Malformed requests get a JSON-RPC error response, and an unsupported protocol version is negotiated down to a supported one.

Composes with

  • The server wraps verify, warden, and inspect; results and verdicts match the CLI.
  • For checks that want the repo context (audit, skillscan, memcheck, foresee, lock / drift, trustdb), run the CLI directly or from a skill; the MCP server exposes the in-loop subset.