A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
Dependency vulnerability monitoring MCP server — knows your lockfile, prioritizes by EPSS, recommends fix versions.
An MCP server that scans your project dependencies for known vulnerabilities, enriches with EPSS exploit probability scores, and recommends fix versions.
Free tier — 10 scans/day, 1 monitored project, no signup required.
Homepage: vulnfeed.novadyne.ai
uvx vulnfeed-mcp
Add to your MCP client config (~/.claude/settings.json for Claude Code, claude_desktop_config.json for Claude Desktop):
Free tier (no signup, no API key):
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"]
}
}
}
Paid ($14/mo, unlimited scans + projects):
{
"mcpServers": {
"vulnfeed": {
"command": "uvx",
"args": ["vulnfeed-mcp"],
"env": {
"VULNFEED_API_KEY": "YOUR_LICENSE_KEY_HERE"
}
}
}
}
Get a license key at vulnfeed.novadyne.ai.
VulnFeed also accepts x402 micropayments — AI agents can pay per scan with USDC on Base, no API key or signup needed. When the free tier limit is reached, the API returns HTTP 402 with payment requirements that x402-compatible clients handle automatically.
| Tool | Description |
|---|---|
scan_project | Auto-detect and scan all lockfiles in a directory |
scan_lockfile | Scan a specific lockfile |
check_package | Check a single package for vulnerabilities |
lookup_cve | Detailed CVE info with EPSS + fix versions |
| Tool | Description |
|---|---|
monitor_project | Register for continuous monitoring |
check_alerts | New vulns since last scan |
update_deps | Update snapshot after upgrading packages |
list_monitored | See all monitored projects |
unmonitor_project | Remove from monitoring |
package-lock.json (npm)yarn.lock (Yarn)pnpm-lock.yaml (pnpm)requirements.txt (pip)Pipfile.lock (Pipenv)go.sum / go.mod (Go)Cargo.lock (Rust)Gemfile.lock (Ruby)composer.lock (PHP)By default, VulnFeed suppresses low-priority CVEs (EPSS < 10% AND CVSS < 9.0). This cuts noise by ~80%.
Pass show_all=True to any scan tool to see everything.
monitor_project — takes a baseline snapshot of current deps + known vulnscheck_alerts — diffs against baseline, surfaces only new vulnscheck_alerts periodically to catch newly published CVEsMIT
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
Browser automation using accessibility snapshots instead of screenshots
English-first Korean equity intelligence MCP — DART filings, foreign-holder 5%-rule flows, activist filings, KRX news. F
Unity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control sc
