@squirex.dev/mcp-server
OfficialAutomates PR scanning with SARIF output via SquireX GitHub App, providing security checks on every pull request.
Scans Salesforce Agentforce metadata (Apex, Flows, GenAI, etc.) for 61+ security and operational risks, and can push test specs to Salesforce Testing Center.
Analyzes Slack bot configurations for missing DLP guards in Agentforce integrations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@@squirex.dev/mcp-serverrun a full security scan on my agentforce metadata"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
@squirex.dev/mcp-server
SquireX MCP Server — Agentforce Capability Scanner for AI Coding Agents
Model Context Protocol server exposing the SquireX Agentforce Capability Scanner to AI-powered developer tools. Works with Claude Code, Gemini, GitHub Copilot, and any MCP-compatible IDE.
Why SquireX?
Salesforce Agentforce agents use LLMs to autonomously execute Apex, Flows, and external services. Without guardrails, this creates OWASP LLM Top 10 vulnerabilities:
🔴 Excessive Agency — Agents that modify data without user confirmation
🔴 Prompt Injection — User input that hijacks agent instructions
🔴 Privilege Escalation — Actions running in system context without sharing
🟠 Supply Chain — Stale API versions that silently skip metadata types
SquireX scans your Agentforce metadata with 61+ SAST rules across 27 categories and integrates directly into your AI coding workflow.
Quick Start
Add to your AI IDE configuration (Claude Code, Gemini, VS Code, JetBrains):
{
"mcpServers": {
"squirex": {
"command": "npx",
"args": ["-y", "@squirex.dev/mcp-server"],
"env": {
"SQUIREX_PROJECT_DIR": "/path/to/your/salesforce/project"
}
}
}
}That's it. Your AI agent now has access to the Agentforce Capability Scanner.
MCP Surface
Tools (16)
Core Scanning (Primary Value)
Tool | Description |
| Run all 61+ SAST rules against the project. Returns SARIF. |
| Scan a single metadata file ( |
| Run a specific rule (e.g., |
Rule Intelligence
Tool | Description |
| List all 61+ rules with ID, category, severity |
| Deep dive: description + remediation guidance |
| Root-cause analysis for a specific violation |
| Generate a code/metadata fix suggestion |
Apex Testing & Schema
Tool | Description |
| Execute Apex tests locally using the Go interpreter |
| Extract line-level code coverage data |
| Aggregate inferred SObject schema from the codebase |
| Predict merge conflicts between branches |
| Generate SARIF for CI/CD pipeline integration |
Testing Center Bridge
Tool | Description |
| Convert scan violations → Agentforce DX test YAML for Testing Center |
| Validate DX test spec syntax and schema |
| Push test spec to Salesforce via |
| Get status/results of a Testing Center test run |
Resources (6)
URI | Description |
| Complete 51+ rule catalog |
| Rule detail with remediation |
| Latest scan results (SARIF) |
| Inferred SObject schema |
| Latest Apex test results |
| Latest code coverage |
Prompts (4)
Prompt | What It Does |
| Full 51+ rule scan → prioritized remediation plan |
| Diagnose + fix a specific violation |
| Proactive defense-in-depth review |
| Generate Agentforce DX test YAML specs for Testing Center |
Agentforce Capability Scanner — 61+ Rules
# | Category | Rules | Severity |
1 | Action Configuration | Mandatory Confirmation, Schema Sync, Privilege Analysis | 🔴 Critical / 🟠 High |
2 | Agent Script Safety | Validation Guards, Transition Integrity, Prompt Injection Defense | 🔴 Critical / 🟠 High |
3 | Grounding Security | Hardcoded Secrets, FLS Masking Alignment | 🔴 Critical / 🟠 High |
4 | Structural Dependency | Planner Completeness, Deactivation Collision, Evaluation Governance | 🟠 High / 🟡 Medium |
5 | Flow Security | Flow Context/Silent State/Injection, API Injection, PT Poisoning/Activation | 🔴 Critical / 🟠 High |
6 | Supply Chain Security | API Downgrade, Schema Desync, Managed Package Origin | 🟠 High / 🟡 Medium |
7 | Agentic Architecture | Topic Bloat, Skill Semantics, Orphaned Bot Evaluation | 🟠 High / 🟡 Medium |
9 | Instruction Integrity | Metadata Instruction Poisoning, Cross-Topic Boundary | 🔴 Critical / 🟠 High |
10 | Operational Reliability | Validation Conflict | 🟡 Medium |
11 | Autonomous Scheduling | Unguarded Scheduled Action, Time-Window Privilege Drift | 🔴 Critical / 🟠 High |
12 | Copilot Studio Config | Memory Poisoning, API Version Drift | 🔴 Critical |
13 | Data Cloud Grounding | RAG Without Schema Classification | 🔴 Critical |
14 | Slack Integration | Slack Bot Without DLP Guard | 🟠 High |
15 | External Service Security | Certificate Pinning, Dynamic Cloaking RAG | 🟠 High |
16 | Custom Permission | Agent Action Without Permission Gate | 🟠 High |
17 | Commerce | Idempotency Key, Amount Bounds Check | 🔴 Critical |
18 | Multi-Agent Orchestration | Compositional Fragment Trap, Sybil Identity | 🔴 Critical / 🟠 High |
19 | Platform Event / CDC | Sub-agent Spawning Loop, CDC Field Filter | 🔴 Critical / 🟠 High |
20–24 | OWASP LLM Top 10 | Excessive Agency, Data Exfil, SSRF, DoS, MCP Auth | 🔴 Critical / 🟠 High |
30–34 | Enterprise Graph | PII Graph, Privilege Graph, Blast Radius, MCP Scope, XSS Graph | 🔴 Critical / 🟠 High |
Supported Metadata Types
.genAiFunction-meta.xml.genAiPlugin-meta.xml.genAiPlannerBundle-meta.xml.genAiPromptTemplate-meta.xml.genAiPromptTemplateActv-meta.xml.agentfiles.cls(Apex classes).trigger(Apex triggers).namedCredential-meta.xml.connectedApp-meta.xml.field-meta.xml.aiEvaluationDefinition-meta.xml.flow-meta.xmlschema.jsonsfdx-project.jsonpackage.xmlLWC components (
.jsinlwc/dirs)
How It Works
AI Coding Agent (Claude / Gemini / Copilot)
│
│ MCP Protocol (stdio)
▼
┌─────────────────────────┐
│ @squirex.dev/mcp-server │ ← This package
│ 16 tools, 6 resources │
│ 4 prompts │
└───────┬─────────────────┘
│ spawn
▼
┌─────────────────────────┐
│ squirex CLI │
│ scan / generate-tests │ ← Testing Center bridge
└───────┬─────────────────┘
│ JSON IPC
▼
┌─────────────────────────┐ ┌─────────────────────┐
│ squireinterp │ │ sf agent test run │
│ Go Execution Engine │ │ (Salesforce CLI) │
│ 61+ SAST Rules │ │ → Testing Center │
└─────────────────────────┘ └─────────────────────┘The Testing Center bridge tools delegate to squirex generate-tests, which:
Runs a capability scan (or reads existing SARIF)
Converts violations to Agentforce DX test YAML (all 61+ rules, normalized
AGENTFORCE-X.YIDs)Optionally validates and pushes to the Salesforce Testing Center via
sf agent test run
Requirements
Node.js ≥ 18
squirexCLI installed (or available via npx)A Salesforce project with Agentforce metadata
GitHub App Integration
For automated PR scanning, install the SquireX GitHub App — one-click setup, 51+ rule scan on every pull request, SARIF in your Security tab.
Plan | Public Repos | Private Repos | Price |
Free | Unlimited | — | $0 |
Pro | Unlimited | 1 | $49/repo/month |
Enterprise | Unlimited | Unlimited | $299/org/month |
License
Proprietary — See LICENSE.md
Copyright © 2026 SquireX. All Rights Reserved.
⚡ Built by SquireX — Securing the AI Agent Pipeline
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SquireX-dev/squirex-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server