MCP Vulnerability Scanner Server

Workflow: Company Email → Zapier → Claude (with this MCP) → Fix + Report

Setup

pip install mcp==1.3.0 bandit==1.8.3 semgrep==1.113.0

Connect to Claude Desktop

Copy claude_desktop_config.json content into:

• Mac: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

Or merge the mcpServers block into your existing config.

Available Tools

| Tool | Purpose | |------|---------| | scan_python_vulnerabilities | Bandit SAST scan for Python code | | scan_with_semgrep | Multi-language scan (JS, Java, Go, etc.) | | detect_hardcoded_secrets | Find API keys, passwords, tokens | | check_sql_injection | Detect SQLi patterns | | check_xss_vulnerabilities | Detect XSS patterns | | suggest_fix | Get fixed code for a vulnerability | | parse_email_code | Extract code blocks from Zapier email body | | generate_vulnerability_report | Create a formatted report |

Zapier Workflow

1. Trigger: Gmail / Outlook — "New Email" (filter by sender domain)
2. Action: Webhooks by Zapier → POST to Claude API
   • Model: claude-opus-4-5 or claude-sonnet-4-5
   • System prompt (paste this):

You are a security engineer. When you receive an email body:
1. Call parse_email_code to extract code from the email
2. Call scan_python_vulnerabilities OR scan_with_semgrep on each code block
3. Call detect_hardcoded_secrets on each code block
4. Call check_sql_injection and check_xss_vulnerabilities
5. For each vulnerability found, call suggest_fix to get the fixed code
6. Call generate_vulnerability_report with all findings
7. Return the full report as your response

3. Action: Send Email reply with Claude's response

Example Claude Prompt (manual use)

Here is code from my company email. Please scan it for vulnerabilities and suggest fixes.

```python
import sqlite3
def get_user(username):
    conn = sqlite3.connect('db.sqlite')
    cursor = conn.cursor()
    cursor.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cursor.fetchall()