How do I install Arcwall?

Arcwall is a local plugin. Install it using npm package: @arcwall/mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Arcwall need?

Arcwall requires the following credentials or environment variables: ARCWALL_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Arcwall?

Arcwall uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Arcwall MCP Server

by Rom Baro

SecurityUse Caution3.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Security scanning for AI coding tools. Detects secrets, threat models, and runs pre-commit checks.

About

Security scanning for AI coding tools. Detects secrets, threat models, and runs pre-commit checks.

Security Report

3.2

Use Caution3.2High Risk

Arcwall is a security scanning MCP server with reasonable authentication (API key required) and appropriate tool design. However, the codebase has several concerning patterns: the API key is transmitted in plaintext HTTP headers, workspace scanning functions use broad filesystem access with limited validation, the `preCommitHandler` executes git commands via shell, and there is no input validation on critical parameters like file paths. While the server's purpose (security scanning) justifies network and filesystem access, the implementation has vulnerabilities that could allow path traversal, command injection, or credential exposure. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

7 files analyzed · 13 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

process_spawn

Check that this permission is expected for this type of plugin.

Unverified package source

We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.

What You'll Need

Set these up before or after installing:

Your Arcwall API key from arcwall.io/app.htmlRequired

Environment variable: ARCWALL_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-rom-baro-arcwall-security": {
      "env": {
        "ARCWALL_API_KEY": "your-arcwall-api-key-here"
      },
      "args": [
        "-y",
        "@arcwall/mcp-server"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

@arcwall/mcp-server

Security scanning for Claude Code, Cursor, Windsurf, and any MCP-compatible AI coding tool.

Setup

Get your free API key at https://arcwall.io
Add to your MCP config:

Claude Code (~/.claude/mcp.json):

{
  "mcpServers": {
    "arcwall": {
      "command": "npx",
      "args": ["@arcwall/mcp-server"],
      "env": { "ARCWALL_API_KEY": "your-key-here" }
    }
  }
}

Cursor (.cursor/mcp.json): Same config. Windsurf: Add via MCP settings panel.

Restart your AI tool — Arcwall is ready.

Tools

arcwall_scan_secrets — hardcoded credentials
arcwall_scan_mcp — MCP config vulnerabilities
arcwall_scan_agent_instructions — CLAUDE.md, .cursorrules security
arcwall_threat_model — STRIDE analysis
arcwall_check_prompt — prompt injection testing
arcwall_pre_commit — pre-commit security check
arcwall_scan_dependencies — known CVEs in packages

Usage

Ask your AI assistant:

"Scan this repo for secrets"
"Check my MCP configs for vulnerabilities"
"Is my CLAUDE.md safe?"
"Generate a threat model for this project"
"Run a security check before I commit"
"Are there vulnerable packages in this project?"

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

MCP Marketplace

Free

by mcp-marketplace · Developer Tools

Search and install MCP servers from inside your AI client.

Security Report

3.2

Use Caution3.2High Risk

7 files analyzed · 13 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

process_spawn

Check that this permission is expected for this type of plugin.

{ "mcpServers": { "io-github-rom-baro-arcwall-security": { "env": { "ARCWALL_API_KEY": "your-arcwall-api-key-here" }, "args": [ "-y", "@arcwall/mcp-server" ], "command": "npx" } } }

@arcwall/mcp-server

Security scanning for Claude Code, Cursor, Windsurf, and any MCP-compatible AI coding tool.

Setup

Get your free API key at https://arcwall.io

Add to your MCP config:

Claude Code (~/.claude/mcp.json):

{ "mcpServers": { "arcwall": { "command": "npx", "args": ["@arcwall/mcp-server"], "env": { "ARCWALL_API_KEY": "your-key-here" } } } }

Cursor (.cursor/mcp.json): Same config. Windsurf: Add via MCP settings panel.

Restart your AI tool — Arcwall is ready.

Tools

arcwall_scan_secrets — hardcoded credentials

arcwall_scan_mcp — MCP config vulnerabilities

arcwall_scan_agent_instructions — CLAUDE.md, .cursorrules security

arcwall_threat_model — STRIDE analysis

arcwall_check_prompt — prompt injection testing

arcwall_pre_commit — pre-commit security check

arcwall_scan_dependencies — known CVEs in packages

Usage

Ask your AI assistant:

"Scan this repo for secrets"

"Check my MCP configs for vulnerabilities"

"Is my CLAUDE.md safe?"

"Generate a threat model for this project"

"Run a security check before I commit"

"Are there vulnerable packages in this project?"

Links

Arcwall MCP Server

About

Security Report

Findings (13)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@arcwall/mcp-server

Setup

Tools

Usage

Links

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

MCP Marketplace

Arcwall MCP Server

About

Security Report

Findings (13)Action required

Permissions Required

What You'll Need

How to Install

Documentation

@arcwall/mcp-server

Setup

Tools

Usage

Links

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript

MCP Marketplace