kasra-mcp
The kasra-mcp server provides local code security scanning and rule management by integrating with the Kasra API. It reads local file content directly from your machine and is designed to integrate with AI tools such as Claude Desktop, Cursor, and Claude Code.
Scan files or directories (
kasra_scan_file): Provide a path to a single file or an entire directory; the server reads the contents locally and submits them to the Kasra API. It detects issues such as SQL injection, XSS, hardcoded secrets, Docker/Kubernetes misconfigurations, and more across all major programming languages and config formats.List security rules (
kasra_get_rules): Retrieve all loaded security rules with their severity levels, actions, and enabled/disabled status. Optionally filter by severity (P0, P1, P2) or show only enabled rules.Check API health (
health): Verify that the Kasra API is reachable and the scanning engine is operational.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@kasra-mcpscan src/main.py for security issues"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
kasra-mcp
Kasra MCP Server — local code review via the Model Context Protocol.
Reads files on your machine and sends them to the Kasra API for security scanning. Designed to work with AI tools like Claude Desktop, Cursor, Claude Code, and any MCP-compatible client.
Install
pip install kasra-mcpRequires Python 3.11+.
Related MCP server: Codebase MCP Server
Quick Start
# Verify installation
python3 -m kasra_mcp.server --helpThe server connects to a Kasra API instance (default: http://localhost:8090).
Configuration
Environment variables:
Variable | Default | Description |
|
| Kasra API base URL |
|
| API key for authentication |
Tools
kasra_scan_file
Scan a file or directory for security vulnerabilities.
Parameter | Type | Description |
|
| Path to a file or directory to scan |
Supports both single files and directories. Ignores common non-source files (images, binaries, .git, node_modules, etc.).
kasra_get_rules
List all loaded security rules.
Parameter | Type | Description |
|
| Filter by severity (P0, P1, P2) |
|
| Only return enabled rules |
health
Check the Kasra API connection and engine status.
Integration with AI Tools
Claude Desktop
{
"mcpServers": {
"kasra": {
"command": "python3",
"args": ["-m", "kasra_mcp.server"],
"env": {
"KASRA_API_URL": "http://localhost:8090",
"KASRA_API_KEY": "your-api-key-here"
}
}
}
}Paste this into ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows).
Cursor
{
"mcpServers": {
"kasra": {
"command": "python3",
"args": ["-m", "kasra_mcp.server"],
"env": {
"KASRA_API_URL": "http://localhost:8090",
"KASRA_API_KEY": "your-api-key-here"
}
}
}
}Claude Code
{
"mcpServers": {
"kasra": {
"command": "python3",
"args": ["-m", "kasra_mcp.server"],
"env": {
"KASRA_API_URL": "http://localhost:8090",
"KASRA_API_KEY": "your-api-key-here"
}
}
}
}How it works
Claude Desktop / Cursor / Claude Code
│
│ stdio (JSON-RPC over stdin/stdout)
▼
┌─────────────────┐ POST /v1/scan/file ┌────────────────┐
│ kasra-mcp │ ─────────────────────────────→ │ Kasra API │
│ │ POST /v1/rules/export │ (Docker) │
│ reads local │ ←───────────────────────────── │ 193 rules │
│ file content │ findings + results │ CR scanning │
└─────────────────┘ └────────────────┘Claude Desktop starts
kasra-mcpas a subprocess (stdio transport)When the user asks to scan a file, Claude calls
kasra_scan_filewith a pathkasra-mcpreads the file content from local diskSends the content to the Kasra API via
POST /v1/scan/fileKasra API runs 83 code review rules, returns findings
kasra-mcpreturns the results to Claude
The MCP server never stores your code — it reads, sends, and discards.
Development
git clone <repo>
cd kasra-mcp
pip install -e .
python3 -m kasra_mcp.serverMaintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/yuanjianking/kasra-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server