MCP Docs

Connect Scannd to Claude, Cursor, or any MCP-compatible AI assistant. Trigger scans, pull vulnerability findings, and check your domain's posture directly from a conversation.

Setup

Generate an API key from your dashboard settings panel, then add this to your MCP client's config (e.g. claude_desktop_config.json):

{
  "mcpServers": {
    "scannd": {
      "command": "npx",
      "args": ["@scannd/mcp"],
      "env": {
        "SCANND_API_KEY": "sk_your_key_here"
      }
    }
  }
}

Authentication

Every request from the MCP server to Scannd sends your key in an X-API-Key header. Keys are shown once at creation time — if you lose one, revoke it from your dashboard and generate a new one.

Rate Limits

Plan Scans via MCP / month
Free 2
Standard ($8/mo) Unlimited

Read-only tools (report and vulnerability lookups) aren't rate-limited — only trigger_scan counts against your monthly total.

Tool Reference

trigger_scan

Queues a security scan for your registered domain (the domain configured in your dashboard — you can't specify an arbitrary domain). Returns a scan_id to poll with get_scan_status.

Input

{ "workflow"?: "auto-scan" | "weekly-saas" | "monthly-saas" }

Output

{ "scan_id": "string", "status": "queued", "message": "string" }

get_scan_status

Polls the status of a previously triggered scan.

Input

{ "scan_id": "string" }

Output

{ "scan_id": "string", "status": "queued" | "running" | "completed" | "failed" }

list_reports

Lists past scan reports for your account (metadata only, no findings).

Input

{ "limit"?: number }  // default 10, max 50

Output

{ "reports": [{ "id": number, "filename": "string", "created_at": "string | null" }] }

get_report

Returns the full content of a specific report, or the latest report if report_id is omitted.

Input

{ "report_id"?: "string" }  // omit for latest

Output

{ "report_id": number, "created_at": "string | null", "findings": [...] }

get_vulnerabilities

Returns findings from a report, optionally filtered by severity. Useful for "show me just critical and high findings."

Input

{ "report_id"?: "string", "severity"?: "critical" | "high" | "medium" | "low" | "info" }

Output

{ "report_id": number, "findings": [{ "name", "severity", "url", "description", "template_id" }] }

get_domain_summary

Returns a high-level summary of your domain: subscription tier, scan history, and vulnerability counts from the most recent scan.

Input

none

Output

{ "domain", "tier", "total_scans", "last_scan_at", "vuln_counts": { "critical", "high", "medium", "low", "info" } }

list_templates

Lists the scan workflows available to trigger_scan.

Input

none

Output

{ "workflows": [{ "name", "description", "template_count" }] }

Troubleshooting

Check that SCANND_API_KEY is set in your client config's env block — the server exits immediately if it's missing.
Your key may have been revoked or mistyped. Generate a fresh one from your dashboard and update your client config — keys are only shown once at creation.
Free-tier accounts get 2 scans/month via MCP. Once you hit that, trigger_scan returns an error until your usage resets next month, or you upgrade to Standard for unlimited scans.
Scans take a few minutes. Poll get_scan_status with the scan_id returned by trigger_scan, or just ask your assistant to check again in a bit — it can call the tool for you.