Remote OpenClaw Blog
Best MCP Servers for Security Teams in 2026: Top Picks
Semgrep MCP is the best MCP server for security teams in 2026: it runs Semgrep's static analysis engine and its thousands of rules so an AI agent can scan code for vulnerabilities inside the same session where the code is written. This list ranks the 10 MCP servers that earn a slot in a security workflow, spanning SAST, dependency scanning, CVE lookup, threat intelligence, and reconnaissance, each with a verified install command. For a role-agnostic ranking, see the broader best MCP servers in 2026 list and our best MCP servers for Claude Code guide; this post curates what belongs in a security stack.
How We Ranked These for Security
This ranking optimizes for one job: making an AI agent useful across code review, vulnerability research, and reconnaissance. We scored each server on fit for security workflows (SAST, SCA, CVE lookup, threat intel, recon, threat modeling), GitHub stars and maintenance checked against each repository in early July 2026, and install friction. Because the security MCP space is newer than most, we also weighted whether a server is first-party or actively maintained, and we flag the ones that are not.
All install commands follow the syntax in the official Claude Code MCP documentation, and the same servers work in any MCP client. Give an agent security tools only after reading our AI agent security risks guide.
The 10 Best MCP Servers for Security Teams
These ten cover static analysis, dependency scanning, CVE and threat intelligence, OSINT, network reconnaissance, and threat modeling: the core of an appsec and offensive-security workflow.
1. Semgrep MCP: static analysis in your session (best overall)
Semgrep MCP (~670 stars) runs Semgrep's SAST engine and its thousands of rules so an agent can scan code for vulnerabilities as it is written. It is #1 because Semgrep is a mature, trusted scanner and this is the highest-leverage way to shift security left: the finding and the fix happen in one place.
claude mcp add semgrep -- uvx semgrep-mcp
Setup note: the standalone semgrep/mcp repo was archived in late 2025 and development moved into the main Semgrep repository, but this install path still works. Add SEMGREP_APP_TOKEN only if you use the Semgrep AppSec Platform.
2. VirusTotal MCP: file, URL, and IP reputation
VirusTotal MCP by BurtTheCoder (~130 stars) analyzes URLs, files, IPs, and domains against VirusTotal's threat intelligence across eleven tools. For triage it is a fast way to ask "is this indicator known bad" without leaving the investigation.
claude mcp add --env VIRUSTOTAL_API_KEY=xxx virustotal -- npx -y @burtthecoder/mcp-virustotal
Setup note: a VirusTotal API key is required and it needs Node 20 or later. Keep the key at local scope; a public VirusTotal key still carries rate and privacy considerations.
3. Shodan MCP: attack surface and exposure
Shodan MCP by BurtTheCoder (~140 stars) performs network reconnaissance through Shodan: IP and host lookups, device discovery, DNS, and CVE or CPE intelligence. It answers "what is exposed on this IP" in one prompt during an external assessment.
claude mcp add --env SHODAN_API_KEY=xxx shodan -- npx -y @burtthecoder/mcp-shodan
Setup note: a Shodan API key is required. Use it only against assets you are authorized to assess, and keep the key at local scope.
4. OpenOSINT: AI-driven reconnaissance framework
OpenOSINT (~760 stars) is an AI-driven OSINT framework that chains modules for email, username, breach, IP, and domain enumeration through natural language. It is the broadest recon tool here, wrapping many upstream sources behind a single interface.
claude mcp add --env ANTHROPIC_API_KEY=sk-xxx openosint -- python /path/to/OpenOSINT/openosint/mcp_server.py
Setup note: install first with pip install "openosint[web]". It needs one model key (Anthropic, an OpenAI-compatible endpoint, or local Ollama) plus optional per-source keys such as SHODAN_API_KEY, VIRUSTOTAL_API_KEY, and HIBP_API_KEY.
5. Snyk: software composition and code scanning
Snyk (~50 stars on the studio repo) exposes the Snyk CLI as an MCP server so an agent can scan open-source dependencies, code, containers, and infrastructure-as-code, then pull the findings. It is first-party from Snyk, which matters more than the star count for a tool you trust with your dependency tree.
claude mcp add snyk -- npx -y snyk@latest mcp -t stdio
Setup note: authenticate the CLI first with snyk auth; the server uses that token rather than an environment variable. Run npx snyk mcp configure --tool=claude-cli for a guided setup.
6. CVE Search MCP: vulnerability lookup
cve-search MCP (~101 stars) queries CVE and vulnerability data by vendor, product, or CVE ID against the public CVE-Search API. It puts "what CVEs affect this product version" one prompt away during triage or patch planning.
claude mcp add cve-search -- uv --directory /path/to/cve-search_mcp run main.py
Setup note: there is no published package, so clone the repo and run uv sync first, then point the command at that directory. No API key is required.
7. SecOps MCP: offensive tooling behind one interface
secops-mcp by securityfortech (~200 stars) unifies fifteen-plus offensive tools such as Nuclei, Nmap, and SQLMap behind a single MCP interface for pentest, bug bounty, and threat hunting. It is convenient when you already run those binaries and want an agent to orchestrate them.
claude mcp add secops -- python main.py
Setup note: install dependencies with pip install -r requirements.txt and make sure the underlying CLI tools are present on the host. Use it only in an authorized testing environment.
8. Threat Modeling MCP: structured STRIDE analysis
threat-modeling-mcp-server from AWS Labs (~62 stars) guides structured STRIDE threat modeling with code validation. It is early-stage but first-party, and it fills a gap the scanners do not: design-level risk analysis rather than pattern matching on code.
claude mcp add threat-modeling -- uvx --from git+https://github.com/awslabs/threat-modeling-mcp-server.git threat-modeling-mcp-server
Setup note: it uses the client's own model with no external API, so there is no key to manage. Expect fast iteration since the repo is new.
9. Nmap MCP: guided network scanning
nmap-mcp by Vorota-ai (~12 stars, the smallest here) drives Nmap port scanning, service and OS detection, and vulnerability scans with built-in safety limits. It is the least mature pick on the list, so treat it as a convenience wrapper rather than a production dependency.
claude mcp add nmap -- docker run --rm -i nmap-mcp
Setup note: build the image first with docker build -t nmap-mcp https://github.com/vorotaai/nmap-mcp.git. Optional variables like NMAP_MAX_TARGETS cap the blast radius. Scan only authorized hosts.
10. npm audit MCP: dependency advisories
mcp-security-audit by qianniuspace (~53 stars) audits npm dependencies against the npm advisory database and returns severity, CVSS, and fix guidance. It ranks last because it is npm-only and has not been updated since early 2025, so verify its output against a current source.
claude mcp add security-audit -- npx -y mcp-security-audit
Setup note: no auth is required. Given the stale maintenance, prefer Snyk for anything beyond a quick npm-only check.
Comparison Table
The table compares all ten picks on job, transport, credential needs, and a maturity note, since the security MCP space varies more than most.
| Rank | Server | Best for | Transport | Auth needed | Maturity |
|---|---|---|---|---|---|
| 1 | Semgrep MCP | SAST code scanning | stdio (uvx) | Optional token | Mature; repo archived |
| 2 | VirusTotal MCP | File/URL/IP reputation | stdio (npx) | API key | Active |
| 3 | Shodan MCP | Attack surface | stdio (npx) | API key | Active |
| 4 | OpenOSINT | OSINT recon | stdio (python) | Model + source keys | Active |
| 5 | Snyk | SCA and code scanning | stdio (npx) | CLI auth | First-party |
| 6 | CVE Search MCP | CVE lookup | stdio (uv) | None | Lightly maintained |
| 7 | SecOps MCP | Offensive tool orchestration | stdio (python) | None | Thin history |
| 8 | Threat Modeling MCP | STRIDE analysis | stdio (uvx) | None | New; first-party |
| 9 | Nmap MCP | Network scanning | stdio (docker) | None | Early-stage |
| 10 | npm audit MCP | Dependency advisories | stdio (npx) | None | Stale since 2025 |
Handle Offensive Tools and API Keys Carefully
Security MCP servers carry sharper risks than most because several run offensive tooling and hold sensitive API keys. Only point Shodan MCP, Nmap MCP, and SecOps MCP at systems you are explicitly authorized to assess; an AI agent will happily scan whatever target you name, and authorization is your responsibility, not the tool's. Use the built-in limits, such as Nmap MCP's target caps, to keep the blast radius small.
API keys for VirusTotal, Shodan, and OSINT sources are credentials that also expose your queries to third parties. Keep them at local scope so they stay out of a committed .mcp.json, and remember that submitting a sample or indicator to VirusTotal can make it visible to others. Our guide to securing MCP connections covers key handling and network isolation in depth.
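The rule above, keeping keys out of a committed .mcp.json, can be enforced with a check run before commit. This is an added example, not code from this post or from any of the listed projects. It assumes the `mcpServers` / `env` / `args` layout of a project-scoped .mcp.json with `${VAR}` references for values supplied from the environment; the credential-name heuristic, the `-e NMAP_MAX_TARGETS=16` docker argument, and all sample values are constructed.

```python
import json
import re
import sys

# Heuristic for credential-like names (an assumption of this example).
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)
# A bare ${VAR} reference holds no literal; ${VAR:-default} embeds one, so it is flagged.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")
# NAME=value pairs passed as arguments, e.g. after "docker run -e".
ARG_PAIR = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.+)$")


def find_inline_secrets(config):
    """Return sorted (server, location, name) tuples for literal credentials."""
    findings = []
    for server, spec in config.get("mcpServers", {}).items():
        for name, value in (spec.get("env") or {}).items():
            if SECRET_NAME.search(name) and value and not ENV_REF.match(str(value)):
                findings.append((server, "env", name))
        for arg in spec.get("args") or []:
            pair = ARG_PAIR.match(str(arg))
            if pair and SECRET_NAME.search(pair.group(1)) and not ENV_REF.match(pair.group(2)):
                findings.append((server, "args", pair.group(1)))
    return sorted(findings)


# Constructed sample; every value below is a placeholder, not a real key.
SAMPLE = json.loads("""
{"mcpServers": {
  "virustotal": {"command": "npx", "args": ["-y", "@burtthecoder/mcp-virustotal"],
                 "env": {"VIRUSTOTAL_API_KEY": "CONSTRUCTED-NOT-A-REAL-KEY"}},
  "shodan": {"command": "npx", "args": ["-y", "@burtthecoder/mcp-shodan"],
             "env": {"SHODAN_API_KEY": "${SHODAN_API_KEY}"}},
  "openosint": {"command": "python", "args": ["/path/to/OpenOSINT/openosint/mcp_server.py"],
                "env": {"HIBP_API_KEY": "${HIBP_API_KEY:-CONSTRUCTED-DEFAULT}"}},
  "nmap": {"command": "docker",
           "args": ["run", "--rm", "-i", "-e", "NMAP_MAX_TARGETS=16", "nmap-mcp"]}
}}
""")

if __name__ == "__main__":
    # Pass a path to check a real file; with no argument the constructed sample is used.
    config = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    hits = find_inline_secrets(config)
    for server, location, name in hits:
        print(f"{server}: literal value for {name} in {location}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a literal credential is found, so it can be wired into a pre-commit hook or CI step with the path to .mcp.json as its argument.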
Limitations and Tradeoffs
The security MCP ecosystem is genuinely less mature than databases, DevOps, or browser tooling, and this list reflects that: several picks have double-digit star counts, one core repo is archived, and one dependency scanner has not shipped an update since early 2025. Treat these as accelerators for a human analyst, not autonomous security systems. Every connected server also adds tool definitions to your context window, so enable only what a given engagement needs. Above all, an agent running a scanner still needs a human to confirm scope, interpret findings, and own the authorization; MCP shortens the loop, it does not remove the operator.
Related Guides
- AI Agent Security Risks: A Practical Guide
- Securing Your MCP Server Connections
- Best MCP Servers in 2026: The Complete Ranked List
- Best MCP Servers for Claude Code
Frequently Asked Questions
What is the best MCP server for security teams?
Semgrep MCP is the best MCP server for security teams in 2026. It runs Semgrep's static analysis engine and its thousands of rules so an AI agent can scan code for vulnerabilities in the same session the code is written, has around 670 GitHub stars, and represents the highest-leverage way to shift appsec left. Note that the standalone repo is
Can an AI agent look up CVEs and threat intelligence?
Yes. CVE Search MCP queries CVE data by vendor, product, or CVE ID against the public CVE-Search API, while VirusTotal MCP checks files, URLs, and IPs against VirusTotal, and Shodan MCP maps internet-exposed assets. Together they let an agent answer "is this indicator known bad and what CVEs affect this version" from inside an investigation.
Is it safe to let an AI agent run security scanners?
Only within strict limits. Offensive servers like Nmap MCP, Shodan MCP, and SecOps MCP will scan whatever target you name, so authorization is entirely your responsibility. Point them only at systems you are permitted to assess, use built-in target caps, keep API keys at local scope, and treat the agent as an accelerator for a human analyst rather than an
Are there mature MCP servers for security work?
The security MCP ecosystem is younger and lower-starred than databases or DevOps. Semgrep is mature and Snyk is first-party, but several other picks have double-digit star counts, one core repo is archived, and one dependency scanner has been stale since early 2025. Vet each server, prefer first-party or actively maintained repos, and verify findings against a current source.
How do I keep security MCP API keys safe?
Keep every API key at local scope so it stays in your personal config and never reaches a committed .mcp.json. VirusTotal, Shodan, and OSINT keys expose your queries to third parties, and submitting a sample to VirusTotal can make it visible to others, so treat both the key and the query as sensitive. Rotate keys if they are ever shared





