How do I use ScanRook MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@ScanRook MCP Server Scan node:20-alpine for vulnerabilities" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

de en es ja ko ru zh

ScanRook MCP Server

by devinshawntripp

Overview Schema Related Servers Score Discussions

JavaScript

Remote

ScanRook MCP Server

An MCP (Model Context Protocol) server that gives AI assistants vulnerability scanning capabilities via ScanRook.

Tools

Tool	Description
`scan_image`	Scan a Docker/OCI image for vulnerabilities
`scan_status`	Check scan progress and results
`get_findings`	Get detailed vulnerability findings
`search_cve`	Look up a specific CVE
`list_scans`	List recent scans
`analyze_licenses`	Check license compliance
`compare_scans`	Compare findings between two scans
`check_package`	Check a package for known vulnerabilities

Setup

Install

npm install -g scanrook-mcp

Configure

Set your ScanRook API key:

export SCANROOK_API_KEY="your-api-key"
export SCANROOK_API_URL="https://scanrook.io"  # optional, defaults to scanrook.io

Use with Claude Code

Add to your Claude Code MCP settings:

{
  "mcpServers": {
    "scanrook": {
      "command": "scanrook-mcp",
      "env": {
        "SCANROOK_API_KEY": "your-api-key"
      }
    }
  }
}

Use with Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "scanrook": {
      "command": "npx",
      "args": ["scanrook-mcp"],
      "env": {
        "SCANROOK_API_KEY": "your-api-key"
      }
    }
  }
}

Examples

Once connected, you can ask your AI assistant:

"Scan nginx:1.27 for vulnerabilities"
"What's the status of my last scan?"
"Show me the critical findings"
"Is CVE-2024-0727 in my image?"
"Check if lodash 4.17.20 has any known vulnerabilities"
"Compare my latest scan with last week's scan"
"Analyze the licenses in my last scan"

Environment Variables

Variable	Default	Description
`SCANROOK_API_KEY`	(required)	Your ScanRook API key
`SCANROOK_API_URL`	`https://scanrook.io`	ScanRook API base URL

Install Server

license - permissive license

quality

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/devinshawntripp/scanrook-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server