Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| scan_project | Scan a project directory for CVE vulnerabilities. Automatically detects npm (package-lock.json), Python (requirements.txt / Pipfile.lock / poetry.lock), Go (go.sum), and Rust (Cargo.lock) manifests. Queries live CVE data from OSV.dev. Returns structured vulnerability report with severity counts, risk score, and fix recommendations. Use this as the first step before open_dashboard or apply_fixes. |
| open_dashboard | Launch the osv-ui visual dashboard in the browser for human review. This is the HUMAN-IN-THE-LOOP step — always offer this before applying fixes. The dashboard shows full CVE details, severity charts, and the upgrade guide. Returns the dashboard URL. If already running for this path, returns existing URL. |
| get_fix_commands | Get the safe upgrade commands for vulnerable packages WITHOUT executing them. Use this to show the user what will be changed before calling apply_fixes. Returns a list of commands grouped by ecosystem (npm install / pip install). |
| apply_fixes | Execute package upgrade commands to fix CVEs. IMPORTANT: This is a DESTRUCTIVE action that modifies package files. ALWAYS call get_fix_commands first and confirm with the user before calling this. Returns the command output for each fix applied. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |