The vulnerability scanner your AI agent can actually use.
Scannd exposes vulnerability scanning as MCP tools — scan, status, report, templates — so AI coding agents can test and triage your app without a human babysitting a dashboard. 7,000+ security checks. Wired for MCP. Ready in one API key.
Either yourdomain.com or https://yourdomain.com works.
agent@claude:~$ mcp call scannd:start-scan { "url": "https://myapp.dev" }
[MCP] Request authorized. Scan ID: sc_78291a
[SCAN] Running security template engine against target...
CRITICAL: SQL Injection vulnerability detected on /api/v1/auth
WARNING: Missing Security Headers (HSTS, CSP)
SUCCESS: Full template library coverage applied
Agent summary: "Found 1 critical vulnerability. Recommend patching auth.ts line 42."
Platform Features
Comprehensive security auditing without the complexity.
7,000+ Security Checks
Template-based scanning covering CVEs, misconfigurations, and common web vulnerabilities — updated continuously as new threats are published.
Rotating Proxies
Scans route through a rotating proxy network so your site doesn't get blocked and results stay accurate.
Smart Reports
Get structured reports your AI can parse. Critical findings are flagged immediately for remediation.
Dashboard History
Every scan result is stored securely. Track your security posture over time with historical trends.
Scheduled Scans
Set it and forget it. Weekly automated scans run without manual intervention to ensure persistent safety.
MCP Integration
Connect directly to Claude or Cursor. Trigger scans and query results within your AI chat workflow.
Use scannd in Claude, Cursor, and any MCP-compatible AI
scannd now offers an MCP server for subscribers. Connect your API key to your AI assistant and trigger scans, query vulnerabilities, and get domain summaries directly from your AI workflow — no browser required.
{
"mcpServers": {
"scannd": {
"command": "npx",
"args": ["@scannd/mcp"],
"env": {
"SCANND_API_KEY": "sk_your_key_here"
}
}
}
}
Seven tools your assistant can call
trigger_scan
Queues a security scan for your registered domain and returns a scan_id to poll.
get_scan_status
Polls the status of a previously triggered scan.
list_reports
Lists past scan reports for your account (metadata only, no findings).
get_report
Returns the full content of a specific report, or the latest report if omitted.
get_vulnerabilities
Returns findings from a report, optionally filtered by severity.
get_domain_summary
Returns a high-level summary of your domain: tier, scan history, and vulnerability counts.
list_templates
Lists the scan workflows available to trigger_scan.
Full tool reference with input/output schemas in the MCP docs.
Why not just use X?
Built specifically for the new era of AI-driven development.
Built for securing AI-written code, not for the agent to operate the scanner itself.
Enterprise API-security platform with MCP as an add-on, not built for a solo developer.
Dashboard-first, no agent-native workflow (Detectify / Intruder).
Transparent Pricing
60-day money back guarantee.
Free
Perfect for trying out basic MCP tools.
Start Free- 1 Target
- 3 Scans / Month
- MCP tools enabled (rate-limited)
Pro
Enhanced security for power developers.
Subscribe Pro- Full MCP access
- 5 Targets
- Unlimited Scans
- Full template library access
- Priority Support
Team
Built for teams scaling agent workflows.
Subscribe Team- 25 Targets
- Scoped & Audit-logged MCP keys
- Project-based keys
- Team seat management
- 24/7 Priority Support
Enterprise
Custom pricing, dedicated MCP endpoint, SSO & Advanced Governance.