MCP Docs
Connect Scannd to Claude, Cursor, or any MCP-compatible AI assistant. Trigger scans, pull vulnerability findings, and check your domain's posture directly from a conversation.
Setup
Generate an API key from your dashboard settings panel, then add this to your MCP client's config (e.g. claude_desktop_config.json):
{
"mcpServers": {
"scannd": {
"command": "npx",
"args": ["@scannd/mcp"],
"env": {
"SCANND_API_KEY": "sk_your_key_here"
}
}
}
}
Authentication
Every request from the MCP server to Scannd sends your key in an X-API-Key header. Keys are shown once at creation time — if you lose one, revoke it from your dashboard and generate a new one.
Rate Limits
| Plan | Scans via MCP / month |
|---|---|
| Free | 2 |
| Standard ($8/mo) | Unlimited |
Read-only tools (report and vulnerability lookups) aren't rate-limited — only trigger_scan counts against your monthly total.
Tool Reference
trigger_scan
Queues a security scan for your registered domain (the domain configured in your dashboard — you can't specify an arbitrary domain). Returns a scan_id to poll with get_scan_status.
Input
{ "workflow"?: "auto-scan" | "weekly-saas" | "monthly-saas" }
Output
{ "scan_id": "string", "status": "queued", "message": "string" }
get_scan_status
Polls the status of a previously triggered scan.
Input
{ "scan_id": "string" }
Output
{ "scan_id": "string", "status": "queued" | "running" | "completed" | "failed" }
list_reports
Lists past scan reports for your account (metadata only, no findings).
Input
{ "limit"?: number } // default 10, max 50
Output
{ "reports": [{ "id": number, "filename": "string", "created_at": "string | null" }] }
get_report
Returns the full content of a specific report, or the latest report if report_id is omitted.
Input
{ "report_id"?: "string" } // omit for latest
Output
{ "report_id": number, "created_at": "string | null", "findings": [...] }
get_vulnerabilities
Returns findings from a report, optionally filtered by severity. Useful for "show me just critical and high findings."
Input
{ "report_id"?: "string", "severity"?: "critical" | "high" | "medium" | "low" | "info" }
Output
{ "report_id": number, "findings": [{ "name", "severity", "url", "description", "template_id" }] }
get_domain_summary
Returns a high-level summary of your domain: subscription tier, scan history, and vulnerability counts from the most recent scan.
Input
none
Output
{ "domain", "tier", "total_scans", "last_scan_at", "vuln_counts": { "critical", "high", "medium", "low", "info" } }
list_templates
Lists the scan workflows available to trigger_scan.
Input
none
Output
{ "workflows": [{ "name", "description", "template_count" }] }
Troubleshooting
SCANND_API_KEY is set in your client config's env block — the server exits immediately if it's missing.
trigger_scan returns an error until your usage resets next month, or you upgrade to Standard for unlimited scans.
get_scan_status with the scan_id returned by trigger_scan, or just ask your assistant to check again in a bit — it can call the tool for you.