MCP.so
登录
S

Security Snapshot

@Seiya-wasabi

关于 Security Snapshot

An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers.

基本信息

分类

开发工具

传输方式

stdio

发布者

Seiya-wasabi

提交者

佐藤 誠也

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-server-security-snapshot"
      ],
      "env": {
        "WALLET_PRIVATE_KEY": "0x...",
        "NETWORK": "base"
      }
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Security Snapshot?

Security Snapshot is an MCP server that enables Claude and other AI agents to audit any public URL's HTTP security headers, with automatic payment via the x402 protocol. It is designed for developers and security professionals who want to automate security header checks.

How to use Security Snapshot?

Configure the server in Claude Desktop by adding the npx -y mcp-server-security-snapshot command and setting the WALLET_PRIVATE_KEY and NETWORK (set to "base") environment variables. Once running, use the scan_security_headers(url) tool to scan a URL for 0.05 USDC, or the free demo_security_snapshot() tool to see a sample result.

Key features of Security Snapshot

  • Checks HSTS, CSP, X‑Frame‑Options, and more
  • Inspects HTTPS enforcement and redirect depth
  • Looks for security.txt, robots.txt, sitemap.xml
  • Pay‑per‑scan: 0.05 USDC on Base via x402
  • No API key, account, or subscription required
  • Fully autonomous payment from the agent's wallet

Use cases of Security Snapshot

  • Automatically audit your own website's security headers during CI
  • Verify third‑party URLs for security best practices before linking
  • Demo the capability for free before spending any USDC

FAQ from Security Snapshot

How does payment work?

Each scan costs 0.05 USDC, paid automatically on the Base network using the x402 protocol. The agent's wallet pays directly, so no API key or account is needed.

What HTTP security headers are checked?

HSTS, CSP, X‑Frame‑Options, X‑Content‑Type‑Options, Referrer‑Policy, Permissions‑Policy, plus HTTPS enforcement, redirect chain depth, and the presence of security.txt, robots.txt, and sitemap.xml.

Do I need an account or subscription?

No. There is no account, no API key, and no subscription. You only need a wallet with USDC on Base to pay per scan.

What are the required environment variables?

Set WALLET_PRIVATE_KEY (your wallet's private key) and NETWORK (set to "base") in the server configuration.

Is there a way to test without spending money?

Yes, call the demo_security_snapshot() tool, which returns a free pre‑baked example response.

评论

开发工具 分类下的更多 MCP 服务器