Yes, Vigile MCP is free to use.

How do I install Vigile MCP?

Vigile MCP is a local plugin. Install it using npm package: vigile-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Vigile MCP need?

Vigile MCP requires the following credentials or environment variables: VIGILE_API_KEY. You can find setup instructions on the server detail page.

What AI apps work with Vigile MCP?

Vigile MCP uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Vigile MCP MCP Server

by Dakotas07

SecurityLow Risk10.0Local

Free

Query trust scores for MCP servers and agent skills before your AI uses them..

About

Scan MCP servers and agent skills for tool poisoning, data exfiltration, prompt injection, and supply chain risk. Use Vigile MCP from Claude Code, Cursor, OpenClaw, and other MCP clients to check trust scores, scan raw content, search the trust registry, and assess location-related privacy risk. Free to start; add VIGILE_API_KEY for higher limits. https://vigile.dev/tools/vigile-mcp

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (2 strong, 4 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry. Trust signals: trusted author (3/3 approved).

7 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Shell Command Execution

Runs commands on your machine. Be cautious — only use if you trust this plugin.

What You'll Need

Set these up before or after installing:

Optional API key for higher rate limits. Free tier works without a key (50 scans/month, 10 req/min). Get a key at vigile.dev for Pro limits.Optional

Environment variable: VIGILE_API_KEY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "vigile-mcp-server-launch-guide": {
      "args": [
        "-y",
        "vigile-mcp"
      ],
      "command": "npx"
    }
  }
}

Getting Started

Once installed, try these example prompts and explore these capabilities:

1"Check if @anthropic/mcp-server-filesystem is safe"
2"Scan this claude.md file for security issues"
3"Search for database MCP servers and show me their trust scores"
4Tool: vigile_check_server — Look up trust score for any MCP server
5Tool: vigile_check_skill — Check agent skill security
6Tool: vigile_scan_content — Scan raw file content for threats
7Tool: vigile_search — Search the Vigile trust registry
8Tool: vigile_verify_location — Assess location privacy risks

Documentation

View on GitHub

From the project's GitHub README.

vigile-mcp

MCP server for Vigile AI Security — query trust scores for MCP servers and agent skills directly from your AI coding assistant.

Works with Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and any MCP-compatible client.

Installation

Claude Desktop

Add to your Claude Desktop config file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Claude Code

claude mcp add --transport stdio vigile --scope user -- npx -y vigile-mcp

Or add to your project's .mcp.json:

{
  "vigile": {
    "command": "npx",
    "args": ["-y", "vigile-mcp"]
  }
}

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

VS Code (Copilot)

Add to .vscode/mcp.json in your project:

{
  "servers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"]
    }
  }
}

Global Install (Alternative)

npm install -g vigile-mcp

Then replace "command": "npx", "args": ["-y", "vigile-mcp"] with "command": "vigile-mcp" in any config above.

What It Does

Vigile scans and scores MCP servers and agent skills for security issues like tool poisoning, data exfiltration, prompt injection, and supply chain attacks. This MCP server brings those trust scores into your AI workflow — so your coding assistant can check whether a tool is safe before using it.

Covers servers from npm, Smithery, PyPI, and other registries, plus agent skills from Claude Code, Cursor, OpenClaw/ClawHub, and more.

Tools

Tool	Description
`vigile_check_server`	Look up trust score for an MCP server by name or package
`vigile_check_skill`	Look up trust score for an agent skill (claude.md, .cursorrules, OpenClaw skills, etc.)
`vigile_scan_content`	Scan raw content from a claude.md, .cursorrules, skill.md, or similar file for security issues
`vigile_search`	Search the Vigile trust registry by keyword
`vigile_verify_location`	Verify whether a skill uses location data safely and check for location-based attack patterns

Example Usage

Once installed, your AI assistant can use these tools naturally:

"Check if @anthropic/mcp-server-filesystem is safe" "Scan this claude.md file for security issues" "Search for database MCP servers and show me their trust scores"

Trust Scores

Vigile rates every server and skill on a 0-100 scale:

Score	Level	Meaning
80-100	Trusted	No significant issues found
60-79	Caution	Minor issues, review recommended
40-59	Risky	Notable security concerns
0-39	Dangerous	Critical issues, do not use

Authentication

By default, vigile-mcp uses the public Vigile registry (rate-limited). For higher limits, set your API key:

{
  "mcpServers": {
    "vigile": {
      "command": "npx",
      "args": ["-y", "vigile-mcp"],
      "env": {
        "VIGILE_API_KEY": "vgl_your_key_here"
      }
    }
  }
}

Get an API key at vigile.dev.

Rate Limits

Tier	Scans/min	Monthly Quota
Free (no key)	10	50
Pro ($30/mo)	60	1,000
Pro+ ($100/mo)	300	5,000

Registry lookups (vigile_check_server, vigile_check_skill, vigile_search) do not count against your scan quota. Only vigile_scan_content consumes scans.

Requirements

Node.js 18+
An MCP-compatible client

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. Vigile AI Security provides security scanning and trust scoring as informational tools only. Trust scores, scan results, and security assessments are based on automated analysis and should not be considered definitive security guarantees.

Vigile does not guarantee the detection of all security threats, vulnerabilities, or malicious behavior. Users are solely responsible for their own security decisions and should use Vigile as one component of a comprehensive security strategy.

By using this software, you agree to the Vigile Terms of Service.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

Version History

v0.1.10Mar 18, 2026Re-scanned

Added memory tools for recall, timeline, provenance checks, and bounded memory writes.

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Vigile MCP MCP Server

About

Security Report

Findings (1)

Permissions Required

What You'll Need

How to Install

Getting Started

Documentation

vigile-mcp

Installation

Claude Desktop

Claude Code

Cursor

VS Code (Copilot)

Windsurf

Global Install (Alternative)

What It Does

Tools

Example Usage

Trust Scores

Authentication

Rate Limits

Requirements

Disclaimer

License

Reviews

No reviews yet

Version History

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP

FinAgent