{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm_npm-aikidosecmcp","slug":"npm-aikidosecmcp","name":"@aikidosec/mcp","type":"mcp","url":"https://www.npmjs.com/package/@aikidosec/mcp","page_url":"https://unfragile.ai/npm-aikidosecmcp","categories":["mcp-servers"],"tags":["aikido","mcp","server","security"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm_npm-aikidosecmcp__cap_0","uri":"capability://tool.use.integration.mcp.server.protocol.implementation.for.security.scanning","name":"mcp server protocol implementation for security scanning","description":"Implements the Model Context Protocol (MCP) server specification, exposing security scanning and code analysis capabilities through a standardized interface that LLM clients can discover and invoke. Uses MCP's resource and tool registration patterns to advertise available security operations, handle JSON-RPC message routing, and manage bidirectional communication with MCP-compatible clients (Claude, custom LLM applications). Enables seamless integration of Aikido's security analysis into AI-driven development workflows without custom API bindings.","intents":["I want to integrate Aikido security scanning into Claude or other MCP-compatible LLM clients","I need to expose security analysis capabilities as discoverable tools in an AI agent","I want to standardize how my LLM accesses security scanning without building custom integrations"],"best_for":["AI agent developers building security-aware coding assistants","Teams using Claude with MCP support who want native Aikido integration","Organizations standardizing on MCP for LLM tool orchestration"],"limitations":["Requires MCP client support — not compatible with non-MCP LLM platforms (e.g., direct OpenAI API calls without MCP wrapper)","MCP protocol overhead adds latency compared to direct REST API calls","Limited to MCP's request/response model — no streaming security scan results"],"requires":["Node.js 16+ (typical MCP server runtime requirement)","MCP-compatible client (Claude with MCP support, or custom MCP client implementation)","Aikido API credentials or local security scanning engine"],"input_types":["code snippets (text)","file paths (string)","configuration objects (JSON)"],"output_types":["security findings (structured JSON)","vulnerability reports (text/markdown)","remediation suggestions (text)"],"categories":["tool-use-integration","mcp-server"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_1","uri":"capability://safety.moderation.security.vulnerability.detection.via.static.code.analysis","name":"security vulnerability detection via static code analysis","description":"Performs static analysis on code to identify security vulnerabilities, misconfigurations, and code quality issues. Likely uses AST parsing, pattern matching, or rule-based engines to scan code without execution. Integrates with MCP to expose findings as structured tool outputs that LLMs can reason about and suggest fixes for. Supports multiple languages and vulnerability categories (injection, authentication, data exposure, etc.).","intents":["I want to scan code for security vulnerabilities as part of my AI-assisted development workflow","I need to identify OWASP Top 10 issues in code before deployment","I want my LLM assistant to suggest security fixes based on detected vulnerabilities"],"best_for":["Developers integrating security scanning into AI coding assistants","Security teams automating vulnerability detection in LLM-generated code","Organizations building secure-by-default AI development workflows"],"limitations":["Static analysis cannot detect runtime vulnerabilities or logic flaws that require execution context","Accuracy depends on rule quality — may produce false positives or miss novel attack patterns","Performance scales with codebase size; large monorepos may experience scan latency"],"requires":["Code in supported language (JavaScript, TypeScript, Python, Java, etc. — specific list unknown)","MCP client to invoke the scanning capability","Aikido security rules/database (local or cloud-based)"],"input_types":["source code (text/file paths)","code snippets (string)"],"output_types":["vulnerability findings (JSON with severity, type, location)","remediation suggestions (text)"],"categories":["safety-moderation","code-generation-editing"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_2","uri":"capability://tool.use.integration.tool.registration.and.discovery.for.mcp.clients","name":"tool registration and discovery for mcp clients","description":"Registers security scanning and analysis tools with the MCP protocol's tool registry, allowing MCP clients to discover available operations, their parameters, and expected outputs through introspection. Implements MCP's tools/list and tools/call endpoints to advertise capabilities (e.g., 'scan_code', 'check_dependencies') with JSON schemas defining input parameters and return types. Enables LLM clients to dynamically understand what security operations are available without hardcoded knowledge.","intents":["I want my MCP client to automatically discover what security tools Aikido exposes","I need to define tool schemas so LLMs can invoke security scanning with correct parameters","I want to add new security capabilities without updating client code"],"best_for":["MCP client developers building dynamic tool discovery","Teams extending Aikido with custom security tools via MCP","Organizations standardizing on MCP for tool orchestration"],"limitations":["Tool discovery is static at server startup — dynamic tool addition requires server restart","Schema complexity may limit LLM's ability to correctly invoke tools if schemas are poorly designed","No built-in versioning for tool schemas — breaking changes require client updates"],"requires":["MCP protocol version 1.0+ (or whatever version Aikido targets)","MCP client implementation with tools/list and tools/call support"],"input_types":["tool discovery requests (MCP protocol messages)"],"output_types":["tool metadata (JSON with name, description, parameters schema)","tool execution results (JSON)"],"categories":["tool-use-integration","mcp-server"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_3","uri":"capability://safety.moderation.dependency.vulnerability.scanning.and.supply.chain.analysis","name":"dependency vulnerability scanning and supply chain analysis","description":"Scans project dependencies (npm packages, Python libraries, etc.) for known vulnerabilities using vulnerability databases (likely CVE, npm audit, or similar sources). Analyzes dependency trees to identify transitive vulnerabilities and outdated packages. Exposes findings through MCP tools so LLMs can recommend dependency updates or alternative packages. May include license compliance checking and supply chain risk assessment.","intents":["I want to check if my project dependencies have known vulnerabilities","I need my LLM assistant to suggest safe dependency updates","I want to identify supply chain risks in my codebase"],"best_for":["Developers using AI assistants to manage dependency security","Security teams automating supply chain risk detection","Organizations with strict dependency governance policies"],"limitations":["Vulnerability databases have lag time — zero-day vulnerabilities may not be detected immediately","Dependency resolution is language-specific — requires separate scanners for each package manager","False positives common when vulnerabilities don't affect specific code paths"],"requires":["Project manifest file (package.json, requirements.txt, pom.xml, etc.)","Access to vulnerability database (CVE, npm audit API, or similar)","MCP client to invoke scanning"],"input_types":["dependency manifest files (package.json, requirements.txt, etc.)","project root path (string)"],"output_types":["vulnerability list (JSON with CVE ID, severity, affected versions)","remediation recommendations (text with suggested versions)"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_4","uri":"capability://safety.moderation.configuration.and.secrets.scanning","name":"configuration and secrets scanning","description":"Scans code and configuration files for exposed secrets (API keys, database credentials, tokens), misconfigurations, and hardcoded sensitive data. Uses pattern matching, entropy analysis, or regex rules to detect common secret formats (AWS keys, private keys, database URLs). Integrates with MCP to expose findings as tools that LLMs can use to identify and remediate secret exposure. May support multiple configuration formats (YAML, JSON, .env files).","intents":["I want to detect hardcoded secrets in my codebase before committing","I need my LLM assistant to identify configuration vulnerabilities","I want to scan for exposed credentials in code repositories"],"best_for":["Developers preventing accidental secret commits","Security teams automating secret detection in code review","Organizations with strict secrets management policies"],"limitations":["Pattern-based detection produces false positives (e.g., test data matching secret patterns)","Cannot detect secrets obfuscated or encoded in non-standard ways","Entropy-based detection may miss low-entropy secrets or produce false positives on legitimate data"],"requires":["Source code or configuration files (text)","MCP client to invoke scanning","Secret pattern database (regex rules, entropy thresholds)"],"input_types":["source code (text/file paths)","configuration files (YAML, JSON, .env, etc.)"],"output_types":["secret findings (JSON with location, type, confidence)","remediation guidance (text)"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_5","uri":"capability://code.generation.editing.code.quality.and.best.practices.analysis","name":"code quality and best practices analysis","description":"Analyzes code for quality issues, style violations, and deviations from best practices (e.g., unused variables, complex functions, missing error handling). Uses AST analysis or linting rules to identify code smells and maintainability issues. Exposes findings through MCP tools so LLMs can suggest refactoring or improvements. May integrate with language-specific linters (ESLint, Pylint, etc.) or use proprietary rules.","intents":["I want my LLM assistant to suggest code quality improvements","I need to identify code smells and maintainability issues","I want to enforce coding standards through AI-assisted review"],"best_for":["Development teams using AI for code review and quality assurance","Developers seeking real-time code quality feedback","Organizations standardizing code quality through AI"],"limitations":["Quality metrics are subjective — different teams may have different standards","Analysis may not understand business context or intentional design decisions","Language-specific rules may not apply across polyglot codebases"],"requires":["Source code (text/file paths)","MCP client to invoke analysis","Code quality rules or linter configuration"],"input_types":["source code (text/file paths)"],"output_types":["quality findings (JSON with issue type, severity, location)","improvement suggestions (text)"],"categories":["code-generation-editing","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aikidosecmcp__cap_6","uri":"capability://tool.use.integration.mcp.resource.management.and.context.handling","name":"mcp resource management and context handling","description":"Manages MCP resource lifecycle including file access, caching, and context passing between client and server. Implements MCP's resources/list and resources/read endpoints to expose code files, configuration, and analysis results as accessible resources. Handles resource URI schemes, caching strategies, and memory management to efficiently serve large codebases to LLM clients. May implement incremental scanning or result caching to reduce latency.","intents":["I want to efficiently pass code context to my LLM through MCP resources","I need to cache security scan results to avoid redundant analysis","I want to manage file access and permissions through MCP"],"best_for":["MCP server developers managing large codebases","Teams optimizing LLM context window usage","Organizations with strict file access controls"],"limitations":["Resource caching adds complexity and may serve stale data if code changes frequently","Large codebases may exceed LLM context window limits even with resource management","MCP resource protocol has no built-in streaming — large files may timeout"],"requires":["MCP protocol support for resources/list and resources/read","File system access or code repository integration","Memory management strategy for caching"],"input_types":["resource URIs (string)","file paths (string)"],"output_types":["resource metadata (JSON)","resource content (text/binary)"],"categories":["tool-use-integration","memory-knowledge"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":27,"verified":false,"data_access_risk":"high","permissions":["Node.js 16+ (typical MCP server runtime requirement)","MCP-compatible client (Claude with MCP support, or custom MCP client implementation)","Aikido API credentials or local security scanning engine","Code in supported language (JavaScript, TypeScript, Python, Java, etc. — specific list unknown)","MCP client to invoke the scanning capability","Aikido security rules/database (local or cloud-based)","MCP protocol version 1.0+ (or whatever version Aikido targets)","MCP client implementation with tools/list and tools/call support","Project manifest file (package.json, requirements.txt, pom.xml, etc.)","Access to vulnerability database (CVE, npm audit API, or similar)"],"failure_modes":["Requires MCP client support — not compatible with non-MCP LLM platforms (e.g., direct OpenAI API calls without MCP wrapper)","MCP protocol overhead adds latency compared to direct REST API calls","Limited to MCP's request/response model — no streaming security scan results","Static analysis cannot detect runtime vulnerabilities or logic flaws that require execution context","Accuracy depends on rule quality — may produce false positives or miss novel attack patterns","Performance scales with codebase size; large monorepos may experience scan latency","Tool discovery is static at server startup — dynamic tool addition requires server restart","Schema complexity may limit LLM's ability to correctly invoke tools if schemas are poorly designed","No built-in versioning for tool schemas — breaking changes require client updates","Vulnerability databases have lag time — zero-day vulnerabilities may not be detected immediately","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.24,"ecosystem":0.42,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:23.903Z","last_scraped_at":"2026-05-03T14:23:34.759Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=npm-aikidosecmcp","compare_url":"https://unfragile.ai/compare?artifact=npm-aikidosecmcp"}},"signature":"lSOLQAMqUK+OSKyB0GiQN8xek/WBjMULKHt+fQvNVgGX36f5DVPgoq8GTFDZX37+VCTZ0rbr4w1/fmU/OAyPCQ==","signedAt":"2026-06-20T00:43:23.517Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/npm-aikidosecmcp","artifact":"https://unfragile.ai/npm-aikidosecmcp","verify":"https://unfragile.ai/api/v1/verify?slug=npm-aikidosecmcp","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}