How do I install Vulnfeed?

Vulnfeed is a local plugin. Install it using PyPI package: vulnfeed-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Vulnfeed need?

Vulnfeed requires the following credentials or environment variables: VULNFEED_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Vulnfeed?

Vulnfeed uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Vulnfeed MCP Server

by Novadyne Hq

Developer ToolsUse Caution4.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Dependency vulnerability scanner with EPSS scoring. 9 MCP tools. Free tier + x402.

About

Dependency vulnerability scanner with EPSS scoring. 9 MCP tools. Free tier + x402.

Security Report

4.2

Use Caution4.2High Risk

VulnFeed is a legitimate vulnerability scanning MCP server with reasonable architecture and proper authentication support. The codebase is well-structured with appropriate error handling and no malicious patterns detected. However, several security concerns warrant attention: the backend URL is hardcoded with a suspicious domain pattern, API keys are transmitted via Authorization headers without explicit HTTPS enforcement, and there is no input validation on file paths which could enable directory traversal attacks. Additionally, the fallback to environment variable `WORKER_BOOTSTRAP_KEY` lacks documentation and may indicate legacy credential handling. These issues prevent a higher score but do not indicate critical vulnerabilities. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

5 files analyzed · 12 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Polar.sh license key for paid tier (optional — free tier works without it)Required

Environment variable: VULNFEED_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-novadyne-hq-vulnfeed": {
      "env": {
        "VULNFEED_API_KEY": "your-vulnfeed-api-key-here"
      },
      "args": [
        "vulnfeed-mcp"
      ],
      "command": "uvx"
    }
  }
}

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Vulnfeed MCP Server

About

Security Report

Findings (12)Action required

Permissions Required

What You'll Need

How to Install

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Git

Toleno

mcp-creator-python

MarkItDown

FinAgent