Security Snapshot
@Seiya-wasabi
About Security Snapshot
An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"security-snapshot": {
"command": "npx",
"args": [
"-y",
"mcp-server-security-snapshot"
],
"env": {
"WALLET_PRIVATE_KEY": "0x...",
"NETWORK": "base"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Security Snapshot?
Security Snapshot is an MCP server that enables Claude and other AI agents to audit any public URL's HTTP security headers, with automatic payment via the x402 protocol. It is designed for developers and security professionals who want to automate security header checks.
How to use Security Snapshot?
Configure the server in Claude Desktop by adding the npx -y mcp-server-security-snapshot command and setting the WALLET_PRIVATE_KEY and NETWORK (set to "base") environment variables. Once running, use the scan_security_headers(url) tool to scan a URL for 0.05 USDC, or the free demo_security_snapshot() tool to see a sample result.
Key features of Security Snapshot
- Checks HSTS, CSP, X‑Frame‑Options, and more
- Inspects HTTPS enforcement and redirect depth
- Looks for
security.txt,robots.txt,sitemap.xml - Pay‑per‑scan: 0.05 USDC on Base via x402
- No API key, account, or subscription required
- Fully autonomous payment from the agent's wallet
Use cases of Security Snapshot
- Automatically audit your own website's security headers during CI
- Verify third‑party URLs for security best practices before linking
- Demo the capability for free before spending any USDC
FAQ from Security Snapshot
How does payment work?
Each scan costs 0.05 USDC, paid automatically on the Base network using the x402 protocol. The agent's wallet pays directly, so no API key or account is needed.
What HTTP security headers are checked?
HSTS, CSP, X‑Frame‑Options, X‑Content‑Type‑Options, Referrer‑Policy, Permissions‑Policy, plus HTTPS enforcement, redirect chain depth, and the presence of security.txt, robots.txt, and sitemap.xml.
Do I need an account or subscription?
No. There is no account, no API key, and no subscription. You only need a wallet with USDC on Base to pay per scan.
What are the required environment variables?
Set WALLET_PRIVATE_KEY (your wallet's private key) and NETWORK (set to "base") in the server configuration.
Is there a way to test without spending money?
Yes, call the demo_security_snapshot() tool, which returns a free pre‑baked example response.
More Developer Tools MCP servers
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
Huoshan Test
volcengineTalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
Comments