Skip to main content
Glama
ElytraSec

Elytra Security MCP Server

Official
by ElytraSec
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Remote

@elytrasec/mcp

Elytra Security as a Model Context Protocol server. Give your AI coding agent (Claude Desktop, Cursor, Cline, Zed) the ability to scan smart contracts and code, check 12 famous-hack patterns, and return public Elytra security receipts — without leaving the IDE.

173 detection rules. ERC-8004 verified agent. x402 pay-per-call in USDC on Base + Solana.

Install

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "elytra": {
      "command": "npx",
      "args": ["-y", "@elytrasec/mcp@latest"]
    }
  }
}

Restart Claude Desktop. The 4 Elytra tools appear in the MCP indicator.

Cursor

Settings → MCP → Add server:

{ "command": "npx", "args": ["-y", "@elytrasec/mcp@latest"] }

Cline / Continue / any MCP-compatible client

Same one-liner — install as a stdio server with the npx command above.

Tools

Tool

What it does

elytra_scan

Scan a code snippet for security vulnerabilities

elytra_scan_address

Scan a deployed contract by 0x address (Ethereum / Base / Arbitrum / Optimism / Polygon)

elytra_replay_hacks

Test code against 12 famous-exploit patterns ($3.04B combined losses): Bybit, Ronin, Euler, Beanstalk, Multichain, Curve, Radiant, zkSync, Cream, Wormhole, Nomad, Mango

elytra_agent_identity

Return Elytra's onchain agent card (ERC-8004, pricing, capabilities)

Privacy & safety

This MCP server is a thin, read-only client over Elytra's public HTTP API. Specifically:

  • No shell execution. The server never spawns child processes or executes shell commands.

  • No file writes. The server reads nothing from disk and writes nothing to disk.

  • No private keys. The server never reads, requests, generates, or stores private keys.

  • No wallet signing. The server never signs transactions or messages. Any onchain payments (x402) are settled by Elytra's facilitators, not by this server.

  • Sends only what you ask it to. Each tool call forwards exactly the code, address, or query the AI agent passed in — nothing more. No telemetry, no ambient file reads, no background uploads.

  • May return public receipt URLs. Depending on Elytra's API mode, a scan can produce a public receipt page at https://elytrasec.io/r/<id>. The URL is returned to you; you decide whether to share it.

Optional env vars

  • ELYTRA_API_KEY — Bearer key for the paid /api/v1/scan endpoint (bypasses x402 micropayment for higher throughput). Contact hello@elytrasec.io.

  • ELYTRA_BASE_URL — Override the default https://elytrasec.io (for self-hosting).

Pricing

All tools above hit Elytra's free public endpoints. For higher rate limits or AI-powered deep review, the underlying API supports x402 pay-per-call in USDC on Base or Solana (1¢ per scan, 2¢ per review).

License

MIT

Install Server
A
license - permissive license
A
quality
C
maintenance

How are these scores calculated?

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ElytraSec/mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server