{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm-aikidosec-mcp","slug":"aikidosec-mcp","name":"@aikidosec/mcp","type":"mcp","url":"https://www.npmjs.com/package/@aikidosec/mcp","page_url":"https://unfragile.ai/aikidosec-mcp","categories":["mcp-servers"],"tags":["aikido","mcp","server","security"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm-aikidosec-mcp__cap_0","uri":"capability://tool.use.integration.mcp.server.protocol.implementation.with.security.first.design","name":"mcp server protocol implementation with security-first design","description":"Implements the Model Context Protocol (MCP) server specification, enabling Claude and other LLM clients to invoke security analysis tools through standardized JSON-RPC message exchange. The server exposes security capabilities via MCP's resource and tool abstractions, handling bidirectional communication with type-safe request/response routing and built-in error handling for malformed or unauthorized requests.","intents":["I want to connect Claude to Aikido's security scanning capabilities without building custom API integrations","I need to expose security analysis tools to LLM agents through a standardized protocol","I want to ensure security tool invocations are properly validated and logged before execution"],"best_for":["Teams integrating Aikido security scanning into Claude-powered workflows","Developers building LLM agents that need real-time security analysis capabilities","Organizations standardizing on MCP for tool integration across multiple LLM clients"],"limitations":["MCP protocol overhead adds ~50-100ms per request/response cycle compared to direct API calls","Requires MCP-compatible client (Claude, or custom MCP client implementation)","No built-in request queuing or rate limiting — relies on upstream client for throttling","Limited to MCP v1.x specification — no support for streaming responses in early versions"],"requires":["Node.js 16+ (typical for npm packages)","MCP client implementation (Claude desktop, or custom MCP client library)","Aikido API credentials or local security scanning engine"],"input_types":["JSON-RPC method calls","code snippets or file paths","security scan parameters (severity levels, rule sets)"],"output_types":["JSON-RPC responses","security findings (structured vulnerability data)","scan reports with remediation guidance"],"categories":["tool-use-integration","mcp-server"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_1","uri":"capability://safety.moderation.security.vulnerability.scanning.tool.exposure.via.mcp.resources","name":"security vulnerability scanning tool exposure via mcp resources","description":"Exposes Aikido's security scanning capabilities (SAST, dependency analysis, secrets detection) as callable MCP tools with predefined schemas. Each tool accepts code context, file paths, or configuration parameters and returns structured vulnerability findings with severity levels, CWE mappings, and remediation steps. The implementation likely uses MCP's tool registry pattern to dynamically advertise available security checks.","intents":["I want Claude to analyze code snippets for vulnerabilities without leaving the conversation","I need to trigger Aikido security scans from within an LLM agent workflow","I want to get structured vulnerability data back from security scans for further processing"],"best_for":["Security teams using Claude for code review and vulnerability triage","Developers building security-aware LLM agents for CI/CD pipelines","Organizations automating security analysis as part of LLM-driven development workflows"],"limitations":["Scan latency depends on code size and Aikido backend performance — large codebases may timeout","Tool schemas are static at server startup — cannot dynamically add new security checks without restart","No built-in caching of scan results — repeated scans of identical code trigger full re-analysis","Limited to Aikido's supported languages and vulnerability types — cannot extend with custom rules via MCP"],"requires":["Aikido account or self-hosted Aikido instance","API credentials with appropriate security scanning permissions","MCP client with tool invocation support"],"input_types":["code snippets (string)","file paths (string)","language/framework hints (string)","scan configuration (JSON object with severity filters, rule sets)"],"output_types":["vulnerability findings (JSON array with id, severity, cwe, description, remediation)","scan metadata (timestamp, duration, rules applied)","remediation guidance (code examples, documentation links)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_2","uri":"capability://tool.use.integration.aikido.security.context.and.configuration.management.for.mcp.clients","name":"aikido security context and configuration management for mcp clients","description":"Manages Aikido-specific configuration (API endpoints, authentication tokens, scan policies, rule sets) at the MCP server level, allowing clients to invoke security tools without managing credentials directly. The server likely implements MCP's resource abstraction to expose available security policies and scan configurations as queryable resources, enabling clients to discover and select appropriate scanning profiles.","intents":["I want to configure Aikido security policies once at the server level and have all MCP clients use them","I need to query available security scan profiles and select one for a specific analysis","I want to enforce organization-wide security scanning rules through the MCP server"],"best_for":["Enterprise teams centralizing security tool configuration across multiple LLM clients","Organizations with strict security policies requiring server-enforced scanning rules","Teams managing multiple Aikido workspaces and needing per-workspace MCP server instances"],"limitations":["Configuration changes require server restart — no hot-reload of policies","No built-in role-based access control (RBAC) — all MCP clients see all configured policies","Credentials stored in server environment or config files — requires secure deployment practices","No audit logging of configuration changes — cannot track who modified policies"],"requires":["Aikido API credentials with admin or configuration permissions","Environment variables or config file for server initialization","MCP client capable of querying resources"],"input_types":["configuration parameters (JSON)","Aikido API credentials (string)","security policy definitions (JSON)"],"output_types":["available security policies (JSON array)","scan configuration metadata (JSON object)","policy enforcement rules (JSON)"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_3","uri":"capability://safety.moderation.mcp.client.request.validation.and.security.enforcement","name":"mcp client request validation and security enforcement","description":"Implements request validation at the MCP server boundary, checking that incoming tool invocations conform to expected schemas and enforcing security policies before delegating to Aikido backends. Uses JSON schema validation, rate limiting, and potentially request signing to prevent unauthorized or malformed security scan requests. May include audit logging of all security tool invocations for compliance tracking.","intents":["I want to ensure only authorized clients can trigger security scans through this MCP server","I need to validate that scan requests include required parameters before sending to Aikido","I want to log all security scanning activity for compliance and audit purposes"],"best_for":["Organizations with strict security and compliance requirements (SOC2, ISO27001)","Teams deploying MCP servers in multi-tenant or untrusted network environments","Enterprises needing audit trails of all security tool usage"],"limitations":["Validation logic adds ~10-20ms latency per request","No built-in authentication beyond MCP protocol-level security — relies on network-level auth (mTLS, API keys)","Audit logging requires external storage (database, log aggregation service) — no built-in persistence","Rate limiting is per-server instance — no distributed rate limiting across multiple server replicas"],"requires":["MCP client with proper authentication setup","Optional: external audit logging service (Datadog, Splunk, CloudWatch)","Optional: rate limiting configuration (requests per minute, per client)"],"input_types":["MCP tool invocation requests (JSON-RPC)","client identity/credentials (implicit in MCP transport)","scan parameters (JSON)"],"output_types":["validation success/failure response (JSON-RPC error or success)","audit log entries (structured JSON)","rate limit status (HTTP headers or JSON metadata)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_4","uri":"capability://tool.use.integration.aikido.backend.integration.and.error.handling.for.mcp","name":"aikido backend integration and error handling for mcp","description":"Manages communication with Aikido's security scanning backend (cloud API or self-hosted instance), translating MCP tool invocations into Aikido API calls and converting responses back to MCP-compatible JSON. Implements retry logic, timeout handling, and graceful degradation when Aikido backend is unavailable. Likely includes connection pooling and caching of frequently-used scan results to reduce backend load.","intents":["I want security scans triggered through MCP to reliably reach Aikido's backend even with network issues","I need meaningful error messages when Aikido scanning fails so the LLM can handle it gracefully","I want to reduce backend load by caching results of identical scans"],"best_for":["Teams running Aikido in cloud or self-hosted environments with variable network conditions","Organizations needing high-availability security scanning through MCP","Developers building resilient LLM agents that gracefully handle security tool failures"],"limitations":["Retry logic may add 5-30 seconds latency on backend failures","Result caching is in-memory only — lost on server restart, no distributed cache support","No circuit breaker pattern — repeated backend failures will continue to retry indefinitely","Timeout values are fixed at server startup — cannot adjust per-request"],"requires":["Aikido API endpoint (cloud or self-hosted)","Valid Aikido API credentials","Network connectivity to Aikido backend"],"input_types":["MCP tool invocation (JSON-RPC)","Aikido API request (translated from MCP format)"],"output_types":["Aikido API response (JSON)","MCP-formatted response (JSON-RPC)","error responses with retry guidance"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_5","uri":"capability://data.processing.analysis.code.context.extraction.and.normalization.for.security.scanning","name":"code context extraction and normalization for security scanning","description":"Extracts and normalizes code context from MCP client requests (code snippets, file paths, repository metadata) into a format suitable for Aikido's security scanning engine. Handles multiple input formats (raw code strings, file paths, git repository references) and normalizes them into a canonical representation. May include language detection, dependency extraction, and framework identification to route scans to appropriate Aikido analyzers.","intents":["I want to send code snippets to Aikido for scanning without manually formatting them","I need Aikido to automatically detect the programming language and apply appropriate security rules","I want to scan a specific file or directory in a repository without uploading the entire codebase"],"best_for":["Developers using Claude to analyze code snippets for vulnerabilities","Teams integrating Aikido scanning into LLM-driven code review workflows","Organizations needing flexible input formats for security scanning (snippets, files, repos)"],"limitations":["Language detection may fail for ambiguous or polyglot code — requires explicit language hints","File path resolution requires access to the repository filesystem — cannot scan remote repositories without cloning","Large code snippets (>100KB) may exceed MCP message size limits — requires chunking or streaming","Dependency extraction is language-specific — not all languages supported equally"],"requires":["Code input (string, file path, or repository reference)","Optional: language hint (string)","Optional: file system access for path-based inputs"],"input_types":["code snippet (string)","file path (string)","repository reference (git URL, local path)","language hint (string)","framework hint (string)"],"output_types":["normalized code context (JSON object with code, language, dependencies, metadata)","language/framework detection results (JSON)","routing hints for Aikido analyzers (JSON)"],"categories":["data-processing-analysis","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm-aikidosec-mcp__cap_6","uri":"capability://data.processing.analysis.vulnerability.finding.aggregation.and.formatting.for.llm.consumption","name":"vulnerability finding aggregation and formatting for llm consumption","description":"Aggregates security findings from Aikido's backend, deduplicates results, and formats them for optimal LLM consumption. Transforms raw vulnerability data into structured JSON with human-readable descriptions, severity levels, CWE/CVE references, and remediation guidance. May include filtering by severity, deduplication of similar findings, and ranking by exploitability or business impact.","intents":["I want security findings formatted in a way Claude can easily understand and act on","I need to filter findings by severity to focus on critical issues","I want remediation guidance included with each finding so Claude can suggest fixes"],"best_for":["Teams using Claude for security analysis and remediation guidance","Developers building LLM agents that need to process and act on security findings","Organizations needing human-readable security reports generated by LLMs"],"limitations":["Deduplication logic may miss related findings with slight variations in description","Severity filtering is based on Aikido's severity scale — may not align with organization's risk model","Remediation guidance is sourced from Aikido — may be generic or not applicable to specific codebase","Large finding sets (>1000 vulnerabilities) may exceed LLM context windows — requires pagination or summarization"],"requires":["Raw vulnerability findings from Aikido (JSON)","Optional: severity filter configuration","Optional: deduplication rules"],"input_types":["raw Aikido vulnerability findings (JSON array)","severity filter (string or array)","deduplication rules (JSON)"],"output_types":["formatted vulnerability findings (JSON array with id, severity, cwe, description, remediation, code_location)","summary statistics (JSON with total count, severity breakdown)","paginated results (JSON with offset, limit, total_count)"],"categories":["data-processing-analysis","text-generation-language"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":36,"verified":false,"data_access_risk":"high","permissions":["Node.js 16+ (typical for npm packages)","MCP client implementation (Claude desktop, or custom MCP client library)","Aikido API credentials or local security scanning engine","Aikido account or self-hosted Aikido instance","API credentials with appropriate security scanning permissions","MCP client with tool invocation support","Aikido API credentials with admin or configuration permissions","Environment variables or config file for server initialization","MCP client capable of querying resources","MCP client with proper authentication setup"],"failure_modes":["MCP protocol overhead adds ~50-100ms per request/response cycle compared to direct API calls","Requires MCP-compatible client (Claude, or custom MCP client implementation)","No built-in request queuing or rate limiting — relies on upstream client for throttling","Limited to MCP v1.x specification — no support for streaming responses in early versions","Scan latency depends on code size and Aikido backend performance — large codebases may timeout","Tool schemas are static at server startup — cannot dynamically add new security checks without restart","No built-in caching of scan results — repeated scans of identical code trigger full re-analysis","Limited to Aikido's supported languages and vulnerability types — cannot extend with custom rules via MCP","Configuration changes require server restart — no hot-reload of policies","No built-in role-based access control (RBAC) — all MCP clients see all configured policies","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.4385134906673091,"quality":0.24,"ecosystem":0.42,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:23.328Z","last_scraped_at":"2026-05-03T14:04:47.472Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":7790,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=aikidosec-mcp","compare_url":"https://unfragile.ai/compare?artifact=aikidosec-mcp"}},"signature":"at455inMYeWGd7XRWwV8bN2Zp9/aSRjo+1aW11f8X1Fza8sQiROP/pd1u7/HUPaChD8o5JzdrCp9MdJ42z2ZCg==","signedAt":"2026-06-20T01:07:04.427Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/aikidosec-mcp","artifact":"https://unfragile.ai/aikidosec-mcp","verify":"https://unfragile.ai/api/v1/verify?slug=aikidosec-mcp","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}