crowdsec-local-mcp
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@crowdsec-local-mcpCreate a WAF rule to block SQL injection"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Life is too short to write YAML, just ask nicely!
A Model Context Protocol (MCP) server to generate, validate, and deploy CrowdSec WAF rules & Scenarios.
Features
WAF Rules Features
WAF Rule Generation: Generate CrowdSec WAF rules from user input or a CVE reference
Validation: Validate syntaxical correctness of WAF rules
Linting: Get warnings and hints to improve your WAF rules
Deployment Guide: Step-by-step deployment instructions
Docker Test Harness: Spin up CrowdSec + nginx + bouncer to exercise rules for false positives/negatives
Nuclei Lookup: Quickly jump to existing templates in the official
projectdiscovery/nuclei-templatesrepository for a given CVE
Scenarios Features
CrowdSec Scenarios Generation: Generate CrowdSec scenarios
Validation: Validate syntaxical correctness of scenarios
Linting: Get warnings and hints to improve your scenarios
Deployment Guide: Step-by-step deployment instructions
Docker Test Harness: Spin up CrowdSec to test scenario behavior
Related MCP server: Gen0Sec WAF Rule MCP Server
Demo
WAF Rules Creation and testing
Scenario Creation and testing
Prerequisites
uv 0.4 or newer, which provides the
uvxrunner used in the examples below.Docker with the Compose plugin (Compose v2).
Installation
You can install the MCP using uvx or use packaged .mcpb file for claude code.
Using .mcpb package
If you're using claude desktop, you can configure the MCP directly by double-clicking the .mcpb file that accompanies the release.
On MacOS, configureuv path in the extension settings if uv isn't installed in the standard path.
Using uvx
Configure supported clients automatically with
uvx --from crowdsec-local-mcp init <client>, where<client>is one ofclaude-desktop,claude-code,chatgpt,vscode, orstdio:
uvx --from crowdsec-local-mcp init --dry-run claude-codeRun uvx --from crowdsec-local-mcp init --help to see all flags and supported targets.
What init configures
The init helper writes the CrowdSec MCP server definition into the client’s JSON configuration:
claude-desktop→claude_desktop_config.jsonin the Claude Desktop settings directoryclaude-code→ invokeclaude mcpcommand with needed argschatgpt→config.jsonin the ChatGPT Desktop settings directoryvscode→mcp.jsonfor VS Code (stable and insiders are both detected)
If the client's configuration file already exists, a .bak backup is created before the MCP server block is updated. When the file is missing you can either pass --force to create it, or point --config-path to a custom location. Combine --dry-run with these options to preview the JSON without making any changes.
By default the CLI launches the server with uvx --from crowdsec-local-mcp crowdsec-mcp. If neither uvx nor uv is available, it falls back to your current Python interpreter; you can override the executable with --command and the working directory with --cwd.
Using the stdio target
stdio does not modify any files. Instead, init stdio prints a ready-to-paste JSON snippet that you can drop into any stdio-compatible MCP client configuration. This is useful when you want to manually wire the server into tools that do not have built-in automation support yet.
Troubleshooting
If you just installed the mcp extension via .mcpb and uv or uvx isn't in the standard path, check the extension settings to configure uv path.
Logging
The MCP server writes its log file to your operating system's temporary directory. On Linux/macOS this is typically
/tmp/crowdsec-mcp.log; on Windows it resolves via%TEMP%\crowdsec-mcp.log.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/crowdsecurity/crowdsec-local-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server