Docs / Integrations / MCP plugin

Scan from your AI agent.

The MCPAmpel MCP plugin lets your agent discover its own installed servers and scan them in place. Install once. Ask Claude or Cursor "are my MCP servers safe?" — they call us, we tell them.

01 Install

Pick the package manager that matches how you ship Python. uvx is the recommended path — it runs the plugin in an isolated environment without polluting your system Python or your project's venv.

$ uvx mcpampel

$ pipx install mcpampel

$ pip install mcpampel

No API key required to install. The plugin will work in anonymous mode out of the box, capped at the free public quota. Add an account API key later for the full 50 calls/day.

02 Configure your agent

Drop the server entry into your agent's MCP config. Restart the agent — the mcpampel tool surface appears in the next session.

Claude Code ~/.config/claude/mcp.json macOS · Linux. On Windows: %APPDATA%\Claude\mcp.json

{
  "mcpServers": {
    "mcpampel": {
      "command": "uvx",
      "args": ["mcpampel"]
    }
  }
}

Cursor .cursor/mcp.json Per-project. Add to your repo or to ~/.cursor/mcp.json for global.

{
  "mcpServers": {
    "mcpampel": {
      "command": "uvx",
      "args": ["mcpampel"],
      "env": {
        "MCPAMPEL_API_KEY": "sk_live_…"
      }
    }
  }
}

Windsurf · Gemini CLI windsurf · gemini Same shape — adjust the path to the agent's MCP config file.

{
  "servers": {
    "mcpampel": {
      "transport": "stdio",
      "command": "uvx",
      "args": ["mcpampel"]
    }
  }
}

03 Use

The plugin exposes three tools. Your agent picks them automatically when the conversation calls for a security check.

scan_url

Scan a specific URL

Submit any GitHub, GitLab, npm, or PyPI URL. Returns a trust score and per-engine findings.

args · url:string

scan_my_servers

Scan your installed servers

Reads the agent's MCP config, resolves each server to its source, scans them all in parallel.

args · config_path?:string

get_score

Lookup an existing score

Returns the cached trust score for a known repo without spending a quota call. Sub-second.

args · owner:string, repo:string

Try it. After install, ask your agent: "Run mcpampel scan_my_servers and tell me which of my MCP servers are red." The plugin handles the rest.

04 Get an API key

Anonymous usage works for casual one-off scans. For consistent quota and your scan history, create a free account.

50 API calls / day on the free tier — enough for a CI hook plus daily agent use.
Per-key analytics — see which servers your agent scanned, when, and the trust delta over time.
No credit card. No upgrade nag.

Generate a key at /account and add it as MCPAMPEL_API_KEY in the env block of your MCP config.

Get your key Free · 50 calls/day · no card.

Create account →

        ← REST API
        Embed badges →
      