MCP.so
Sign In
S

Security Snapshot

@Seiya-wasabi

About Security Snapshot

An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.

Basic information

Category

Developer Tools

Transports

stdio

Publisher

Seiya-wasabi

Submitted by

佐藤 誠也

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-security-snapshot"
      ],
      "env": {
        "WALLET_PRIVATE_KEY": "0x...",
        "NETWORK": "base"
      }
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Security Snapshot?

Security Snapshot is an MCP server that enables Claude and other AI agents to audit any public URL's HTTP security headers, with automatic payment via the x402 protocol. It is designed for developers and security professionals who want to automate security header checks.

How to use Security Snapshot?

Configure the server in Claude Desktop by adding the npx -y mcp-server-security-snapshot command and setting the WALLET_PRIVATE_KEY and NETWORK (set to "base") environment variables. Once running, use the scan_security_headers(url) tool to scan a URL for 0.05 USDC, or the free demo_security_snapshot() tool to see a sample result.

Key features of Security Snapshot

  • Checks HSTS, CSP, X‑Frame‑Options, and more
  • Inspects HTTPS enforcement and redirect depth
  • Looks for security.txt, robots.txt, sitemap.xml
  • Pay‑per‑scan: 0.05 USDC on Base via x402
  • No API key, account, or subscription required
  • Fully autonomous payment from the agent's wallet

Use cases of Security Snapshot

  • Automatically audit your own website's security headers during CI
  • Verify third‑party URLs for security best practices before linking
  • Demo the capability for free before spending any USDC

FAQ from Security Snapshot

How does payment work?

Each scan costs 0.05 USDC, paid automatically on the Base network using the x402 protocol. The agent's wallet pays directly, so no API key or account is needed.

What HTTP security headers are checked?

HSTS, CSP, X‑Frame‑Options, X‑Content‑Type‑Options, Referrer‑Policy, Permissions‑Policy, plus HTTPS enforcement, redirect chain depth, and the presence of security.txt, robots.txt, and sitemap.xml.

Do I need an account or subscription?

No. There is no account, no API key, and no subscription. You only need a wallet with USDC on Base to pay per scan.

What are the required environment variables?

Set WALLET_PRIVATE_KEY (your wallet's private key) and NETWORK (set to "base") in the server configuration.

Is there a way to test without spending money?

Yes, call the demo_security_snapshot() tool, which returns a free pre‑baked example response.

Comments

More Developer Tools MCP servers