MCP Hub Security
OfficialClick on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Hub Securityscan https://github.com/user/repo for vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Quick install · Claude Code setup · How it works · Tools reference · Get API key
Table of Contents
MCP client configuration — includes watchdog setup for Claude Code
Related MCP server: mcpwatch
What is this?
MCP Hub Security is an MCP server that acts as a security gate for your AI agent workflows. Before your agent runs an MCP server from a Git repository — or loads a Claude Code Skill — it can call this server to get a full vulnerability analysis from mcp-hub.info.
It detects 14 vulnerability classes including:
Prompt injection & instruction override
Secret and credential exposure
Tool poisoning & shadow tools
SSRF and unsafe network calls
Dangerous capabilities (exec, file write, env access)
Data exfiltration vectors
...and more mapped to the OWASP MCP Top 10
Skills support: Claude Code Skills (SKILL.md files) are scanned by 17 dedicated analyzers covering 61 rules — detecting instruction overrides, capability abuse, prompt injection hooks, and more.
Features
MCP server scanning — submit any GitHub, GitLab, or Bitbucket repository and get a security score (0–100), risk level, capabilities list, OWASP coverage, and full findings.
Skill scanning — scan a
SKILL.mdby content or URL; get a pass/fail verdict under configurable policy.Policy engine — configure minimum score, maximum risk level, and denied capabilities via environment variables. The server enforces policy and returns
allowed: true/falsewith clear reasons.Proactive watchdog hook — a Claude Code
PostToolUsehook that automatically scans anySKILL.mdyou create or edit and warns you immediately.Credit-aware — each scan costs 5 credits; cached results (same commit SHA) are free. Balance is always returned.
Zero install steps —
uvxfetches and runs the server on first use; no virtualenv to manage. The server itself talks to the API with the Python stdlib (nohttpx/requests); the only runtime dependency isfastmcp.
Quick install
No installation needed. All configs below use uvx — it fetches and runs the server automatically on first use.
The only thing you need: an API key → mcp-hub.info/accounts/dashboard/ → API Tokens tab.
MCP client configuration
Before you start: get your API key at mcp-hub.info/accounts/dashboard/ → API Tokens. You will need to replace
YOUR_API_KEYin the configs below — that is the only thing you need to change.
Claude Code is the only client with full support: the MCP tools for on-demand scanning AND the proactive Skill watchdog that automatically scans any SKILL.md you write or edit.
1. Get your API key
👉 mcp-hub.info/accounts/dashboard/ → API Tokens → Create token. Copy the key.
2. Add the MCP server — paste into ~/.claude.json (global) or .mcp.json in your project:
{
"mcpServers": {
"mcp-hub-security": {
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}Replace YOUR_API_KEY with your key. That's it for the MCP server.
3. Add the Skill watchdog — paste into ~/.claude/settings.json (global) or .claude/settings.json (project):
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [
{
"type": "command",
"command": "uvx --from git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1 mcp-hub-skill-watchdog",
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
]
}
]
}
}Replace YOUR_API_KEY with the same key. Putting the key in the env block avoids quoting bugs and keeps it out of the shell process list. The watchdog runs automatically — no other config needed.
What the watchdog does:
Every time Claude writes or edits a .md file that looks like a skill (name: + description: frontmatter), the watchdog scans it immediately and shows the verdict:
✅ Safe — brief notice with score and risk, no interruption.
🚫 Blocked — error with the exact policy violation. Claude Code stops.
Run claude — both the server and watchdog are active.
🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"mcp-hub-security": {
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}Restart Claude Desktop. Note: the proactive Skill watchdog is not available in Claude Desktop (no hooks support).
🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to .vscode/mcp.json in your workspace (or ~/.vscode/mcp.json globally):
{
"servers": {
"mcp-hub-security": {
"type": "stdio",
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to ~/.cursor/mcp.json:
{
"mcpServers": {
"mcp-hub-security": {
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}Restart Cursor after saving.
🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to ~/.windsurf/mcp.json:
{
"mcpServers": {
"mcp-hub-security": {
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to ~/.config/zed/settings.json under "context_servers":
{
"context_servers": {
"mcp-hub-security": {
"command": {
"path": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
}
}
}🔑 Get your API key first: mcp-hub.info/accounts/dashboard/ → API Tokens. Replace
YOUR_API_KEYbelow.
Add to .continue/config.json:
{
"mcpServers": [
{
"name": "mcp-hub-security",
"command": "uvx",
"args": ["--from", "git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1", "mcp-hub-security"],
"env": {
"MCPHUB_API_KEY": "YOUR_API_KEY"
}
}
]
}Environment variables
MCP servers
Variable | Required | Default | Description |
| yes | — | API token from mcp-hub.info/accounts/dashboard/ |
| no |
| API base URL (override for self-hosted) |
| no |
| Minimum security score (0–100). Scans below this are blocked. |
| no |
| Maximum risk level: |
| no | (none) | Comma-separated capabilities to always block. E.g. |
| no |
| Seconds between status polls while scan is running |
| no |
| Maximum seconds to wait for a scan result |
| no |
| What happens when the hub is unreachable / returns a malformed response: |
| no |
| Where cached verdicts are stored for |
| no | (unset) | When set, pins the hub TLS leaf certificate to this SHA-256 fingerprint (hex, optional |
Skills
Variable | Required | Default | Description |
| no |
| Minimum skill score (0–100). Skills below this are blocked. |
| no |
| Maximum skill risk level: |
Skills use a tighter analyzer (17 analyzers, 61 rules) that is separate from the MCP server scanner. Using different thresholds for each is intentional.
Optional vars: if you do not want to override a default, omit the variable entirely. Do not set it to the empty string. (The server normalizes
""to the default, but some MCP clients refuse to forward empty-stringenventries at all, leading to confusing behavior.)
How it works
MCP server scan pipeline
check_mcp_safety(url) runs four steps automatically:
1. POST /scans/ → submit repo URL, receive check_token
2. GET /scans/checking/{token}/ (poll every 2 s, up to 5 min)
3. GET /scans/{id}/verdict/ → score, risk, capabilities, findings
4. Policy engine → evaluate against your env vars → allowed: true/falseCached results (same repo + same commit SHA) skip steps 1–3 and cost 0 credits.
Skill scan pipeline
check_skill_safety and check_skill_safety_url are synchronous — no polling needed. The API analyses the SKILL.md content immediately and returns the result in a single request.
Policy engine
The policy engine runs locally after every scan. It blocks if any of these conditions are true:
Condition | Controlled by |
|
|
|
|
Any detected capability is in the deny list |
|
Critical findings detected when max risk is |
|
When blocked, the response includes allowed: false, a human-readable reason, and blocked_by_policy with the list of violations.
Risk levels are ordered: safe = none < low < medium < high < critical.
Why MCPs and Skills have separate thresholds
The MCP server scanner and the Skill scanner are different analyzers with different scoring scales and sensitivity levels. Skills get slightly more permissive defaults (min_score: 70, max_risk: medium) because the skill analyzer is purpose-built for SKILL.md structure and has fewer false positives than the general-purpose MCP scanner. You can tighten skill policy independently of MCP policy.
Credits
Operation | Cost |
New scan (MCP or Skill, new commit) | 5 credits |
Cached scan (same commit SHA already scanned) | 0 credits |
| 0 credits |
Available tools
MCP server tools
Tool | Credits | Description |
| 5 (cached=0) | Full pipeline: scan → poll → verdict → policy. Main entry point. |
| 0 | Re-evaluate policy on an existing scan with current env vars. |
| 0 | Full raw result for an existing scan (findings, file paths, CWEs). |
| 0 | Current credit balance and account email. |
Skill tools
Tool | Credits | Description |
| 5 (cached=0) | Scan a |
| 5 (cached=0) | Fetch a raw |
| 0 | Retrieve a previous skill scan result by UUID. |
Examples
Scan an MCP server before installing it
"Before we add the Playwright MCP, check if it's safe: https://github.com/microsoft/playwright-mcp"
Claude will call check_mcp_safety and report the score, capabilities, OWASP risks, and whether it passes your policy.
allowed: true
security_score: 91
risk_level: low
capabilities: [browser_control, network_egress]
owasp_risks: []
credits_consumed: 0 ← cached result, same commitBlock a server that exceeds your policy
If a repo returns risk_level: high and your MCPHUB_MAX_RISK is low:
allowed: false
reason: "MCP server blocked by security policy: Risk level 'high' exceeds maximum 'low'"
blocked_by_policy: ["Risk level 'high' exceeds maximum 'low'"]Scan a Skill before running it
"Check if this skill is safe before loading it"
check_skill_safety(content="---\nname: my-skill\ndescription: ...\n---\n...")Returns:
allowed: true
score: 92
risk_level: low
finding_count: 0
has_critical: falseRe-evaluate policy on an existing scan
Change your policy env vars and re-apply them to a previous scan without consuming credits:
get_verdict(scan_id="550e8400-e29b-41d4-a716-446655440000")Check your credit balance
get_credit_balance()
# → {"credits": 285, "email": "you@example.com"}Troubleshooting
Claude Code says "Failed to connect"
That four-word message is everything Claude Code shows by default when an MCP server fails to start. The real error is captured in a debug file but you have to ask for it.
Step 1 — run a health check yourself. From your terminal, run the same command Claude Code runs, but skip stdio and just print the diagnostic table:
MCPHUB_API_KEY=your-key uvx --from git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1 mcp-hub-security --healthThis prints every MCPHUB_* env var the server sees, validates them, and ends with status: OK or status: UNHEALTHY. Exit code 0 means the server can start; exit code 2 means a config problem (missing API key, invalid risk level, malformed URL).
Step 2 — capture the full stderr. Start Claude Code with --debug-file=/tmp/claude.log:
claude --debug-file=/tmp/claude.logThen tail -f /tmp/claude.log to see every stderr line from every MCP server — including the actual exception that Claude Code is hiding.
Step 3 — for Claude Desktop, logs go to ~/Library/Logs/Claude/mcp-server-mcp-hub-security.log on macOS.
ModuleNotFoundError or stale uvx cache
If you ran an older version once, uvx may have a broken wheel cached. Force a fresh fetch:
uv cache clean mcp-hub-securityThen re-run the original uvx --from git+...@v2.0.1 … command — it will resolve the pinned tag again.
MCPHUB_API_KEY is required
The server now fail-fasts when the API key is missing instead of silently breaking. Set it in the env block of your MCP config (not inline on the command). Get a key at mcp-hub.info/accounts/dashboard/.
Heads-up on empty strings: for any optional
MCPHUB_*variable, leave it out entirely instead of setting it to"". Empty strings are normalized to the default, but tooling that round-trips JSON may interpret them inconsistently.
What version am I running?
uvx --from git+https://github.com/mcp-hub-corp/mcp.git@v2.0.1 mcp-hub-security --version
# → mcp-hub-security 2.0.1Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/mcp-hub-corp/mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server