MCP.so
ログイン
S

Security Snapshot

@Seiya-wasabi

Security Snapshot について

An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.

基本情報

カテゴリ

開発者ツール

トランスポート

stdio

公開者

Seiya-wasabi

投稿者

佐藤 誠也

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-security-snapshot"
      ],
      "env": {
        "WALLET_PRIVATE_KEY": "0x...",
        "NETWORK": "base"
      }
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Security Snapshot?

Security Snapshot is an MCP server that enables Claude and other AI agents to audit any public URL's HTTP security headers, with automatic payment via the x402 protocol. It is designed for developers and security professionals who want to automate security header checks.

How to use Security Snapshot?

Configure the server in Claude Desktop by adding the npx -y mcp-server-security-snapshot command and setting the WALLET_PRIVATE_KEY and NETWORK (set to "base") environment variables. Once running, use the scan_security_headers(url) tool to scan a URL for 0.05 USDC, or the free demo_security_snapshot() tool to see a sample result.

Key features of Security Snapshot

  • Checks HSTS, CSP, X‑Frame‑Options, and more
  • Inspects HTTPS enforcement and redirect depth
  • Looks for security.txt, robots.txt, sitemap.xml
  • Pay‑per‑scan: 0.05 USDC on Base via x402
  • No API key, account, or subscription required
  • Fully autonomous payment from the agent's wallet

Use cases of Security Snapshot

  • Automatically audit your own website's security headers during CI
  • Verify third‑party URLs for security best practices before linking
  • Demo the capability for free before spending any USDC

FAQ from Security Snapshot

How does payment work?

Each scan costs 0.05 USDC, paid automatically on the Base network using the x402 protocol. The agent's wallet pays directly, so no API key or account is needed.

What HTTP security headers are checked?

HSTS, CSP, X‑Frame‑Options, X‑Content‑Type‑Options, Referrer‑Policy, Permissions‑Policy, plus HTTPS enforcement, redirect chain depth, and the presence of security.txt, robots.txt, and sitemap.xml.

Do I need an account or subscription?

No. There is no account, no API key, and no subscription. You only need a wallet with USDC on Base to pay per scan.

What are the required environment variables?

Set WALLET_PRIVATE_KEY (your wallet's private key) and NETWORK (set to "base") in the server configuration.

Is there a way to test without spending money?

Yes, call the demo_security_snapshot() tool, which returns a free pre‑baked example response.

コメント

「開発者ツール」の他のコンテンツ