How do I install Arcwall?

Arcwall is a local plugin. Install it using npm package: @arcwall/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Arcwall need?

Arcwall requires the following credentials or environment variables: ARCWALL_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Arcwall?

Arcwall uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Arcwall MCP Server

by Rom Baro

SecurityUse Caution3.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Security scanning for AI coding tools. Detects secrets, threat models, and runs pre-commit checks.

About

Security scanning for AI coding tools. Detects secrets, threat models, and runs pre-commit checks.

Security Report

3.2

Use Caution3.2High Risk

Arcwall is a security scanning MCP server with reasonable authentication (API key required) and appropriate tool design. However, the codebase has several concerning patterns: the API key is transmitted in plaintext HTTP headers, workspace scanning functions use broad filesystem access with limited validation, the `preCommitHandler` executes git commands via shell, and there is no input validation on critical parameters like file paths. While the server's purpose (security scanning) justifies network and filesystem access, the implementation has vulnerabilities that could allow path traversal, command injection, or credential exposure. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

7 files analyzed · 13 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

process_spawn

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Your Arcwall API key from arcwall.io/app.htmlRequired

Environment variable: ARCWALL_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-rom-baro-arcwall-security": {
      "env": {
        "ARCWALL_API_KEY": "your-arcwall-api-key-here"
      },
      "args": [
        "-y",
        "@arcwall/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.