Is Security Scorecard free?

Yes, Security Scorecard is free to use.

How do I install Security Scorecard?

Security Scorecard is a local plugin. Install it using npm package: @callmarcus/securityscorecard-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Security Scorecard need?

Security Scorecard requires the following credentials or environment variables: SECURITY_SCORECARD_API_TOKEN, COMPANY_DOMAIN. You can find setup instructions on the server detail page.

What AI apps work with Security Scorecard?

Security Scorecard uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Security Scorecard MCP Server

by CallMarcus

SecurityLow Risk10.0MCP RegistryLocal

Free

Server data from the Official MCP Registry

Community-built, comprehensive MCP server for the SecurityScorecard API (unofficial).

About

Community-built, comprehensive MCP server for the SecurityScorecard API (unofficial).

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.

7 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

SecurityScorecard API token (get one from your SecurityScorecard dashboard).Required

Environment variable: SECURITY_SCORECARD_API_TOKEN

Optional default company domain for queries (e.g. example.com).Optional

Environment variable: COMPANY_DOMAIN

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-callmarcus-securityscorecard-mcp": {
      "env": {
        "COMPANY_DOMAIN": "your-company-domain-here",
        "SECURITY_SCORECARD_API_TOKEN": "your-security-scorecard-api-token-here"
      },
      "args": [
        "-y",
        "@callmarcus/securityscorecard-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

SSC MCP Server

A community-built, comprehensive Model Context Protocol (MCP) server for Claude Desktop that integrates with the SecurityScorecard API.

Published on npm as @callmarcus/securityscorecard-mcp and listed in the MCP Registry as io.github.CallMarcus/securityscorecard-mcp.

Disclaimer: This is an independent, community-built open-source project. It is not affiliated with, endorsed by, sponsored by, or associated with SecurityScorecard, Inc. in any way. It is built solely against SecurityScorecard's publicly available API documentation. "SecurityScorecard" and all related names, marks, and logos are trademarks of SecurityScorecard, Inc. and are used here for identification purposes only. You must supply your own API credentials and comply with SecurityScorecard's terms of service.

Quick Start

Prerequisites

Node.js 18+ - Download
SecurityScorecard API Token - Get from your SecurityScorecard dashboard

Option A — Install from npm (recommended)

No clone or build required. Point Claude Desktop at the published package with npx.

Edit your claude_desktop_config.json:

Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "security-scorecard": {
      "command": "npx",
      "args": ["-y", "@callmarcus/securityscorecard-mcp"],
      "env": {
        "SECURITY_SCORECARD_API_TOKEN": "your-api-token-here",
        "COMPANY_DOMAIN": "example.com"
      }
    }
  }
}

npx -y fetches and runs the latest published version automatically. Replace the credentials with your own, then restart Claude Desktop.

Option B — Run from source (for development)

# Clone the repository
git clone https://github.com/CallMarcus/security-scorecard-mcp.git
cd security-scorecard-mcp

# Install dependencies
npm install

# Build (use build:fast to avoid memory issues)
npm run build:fast

Then point Claude Desktop at your local build:

{
  "mcpServers": {
    "security-scorecard": {
      "command": "node",
      "args": ["/path/to/security-scorecard-mcp/build/index.js"],
      "env": {
        "SECURITY_SCORECARD_API_TOKEN": "your-api-token-here",
        "COMPANY_DOMAIN": "example.com"
      }
    }
  }
}

Important: Replace the path and credentials with your actual values, then restart Claude Desktop.

Available Tools

The server (index.js) provides 9 specialized tools optimized for Claude Desktop:

Tool	Purpose
`security_dashboard`	Score, grade, and key security metrics
`analyze_security_risks`	Issue prioritization and risk analysis
`create_improvement_plan`	Actionable remediation roadmaps
`discover_assets`	Asset inventory with security context
`analyze_email_security`	SPF/DMARC/DKIM analysis
`api_discovery`	Search 628+ API endpoints with hybrid semantic/keyword search
`analyze_issue_types`	Granular issue type breakdowns
`validate_data_completeness`	Cross-tool data verification
`query_security_data`	Direct API access with discovery

Response Modes

Each tool supports three response modes for token efficiency:

minimal - Quick answers (15-50 tokens)
standard - Overview with context (200-300 tokens)
detailed - Comprehensive analysis (800+ tokens)

Environment Variables

Variable	Required	Description
`SECURITY_SCORECARD_API_TOKEN`	Yes	Your API token
`COMPANY_DOMAIN`	No	Default domain for queries
`DEBUG_MODE`	No	Set `true` for verbose logging

Optional rate limiting and caching:

REQUEST_CACHE_TTL_MS=300000
REQUESTS_PER_INTERVAL=5
REQUEST_INTERVAL_MS=1000

API Discovery

The server includes hybrid search (semantic + keyword) for finding SecurityScorecard API endpoints:

Use api_discovery to search for "email security"

This searches 628 indexed endpoints and returns matching paths with confidence scores, required parameters, and curl examples.

To update the API reference after changes:

npm run api:embed    # Regenerate semantic embeddings
npm run api:update   # Regenerate docs + embeddings

Development

Build Commands

npm run build:fast   # Recommended - uses esbuild (~130ms)
npm run build        # TypeScript compiler (may OOM on some systems)
npm test             # Run tests

Project Structure

src/
  index.ts               # MCP server (9 tools)
  api/client.ts          # SecurityScorecard API client
  integration/           # API discovery system
docs/api/                # Self-contained API reference
  index.jsonl            # Endpoint index (628 endpoints)
  index-embeddings.json  # Semantic search embeddings
build/                   # Compiled JavaScript

Testing

npm test             # Run test suite

Troubleshooting

Build fails with out of memory

Use the fast build instead:

npm run build:fast

"Cannot find module" errors

Reinstall dependencies:

rm -rf node_modules
npm install
npm run build:fast

Claude Desktop doesn't see the MCP

Check the config path: %APPDATA%\Claude\claude_desktop_config.json
Verify the path to index.js is correct
Restart Claude Desktop completely

API returns 401 Unauthorized

Your API token is invalid or expired. Get a new one from SecurityScorecard dashboard.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Security Scorecard MCP Server

About

Security Report

Findings (1)

Permissions Required

What You'll Need

How to Install

Documentation

SSC MCP Server

Quick Start

Prerequisites

Option A — Install from npm (recommended)

Option B — Run from source (for development)

Available Tools

Response Modes

Environment Variables

API Discovery

Development

Build Commands

Project Structure

Testing

Troubleshooting

Build fails with out of memory

"Cannot find module" errors

Claude Desktop doesn't see the MCP

API returns 401 Unauthorized

License

Links

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

Google Workspace MCP