1.0.12 • Published 3d ago • CLI

@aikidosec/mcp

Licence: AGPL
Version: 1.0.12
Deps: 7
Size: 53.8 MB
Vulns: 0
Weekly: 11.0K

Aikido MCP Server

A lightweight Model Context Protocol (MCP) server that exposes Aikido’s Code and Secrets Scan as a tool for AI coding agents and IDEs. It lets your agent scan code and returns machine-readable findings you can triage, fix or ignore.

Prerequisites

  • Node.js 18.19.0 or newer
  • An Aikido account (sign up)

Authentication

The MCP authenticates in one of two ways. You don’t need to pick up front — just add the server to your IDE (see below) and run any Aikido tool.

If no token is configured, the first tool call returns a one-time set of sign-in links — one per Aikido region (EU / US / ME). Click the link that matches your account.

Environment variable (CI / headless)

For CI, containers, or any setup where opening a browser/using keychain isn’t an option, generate a Personal Access Token in Settings → Integrations → MCP Server and pass it as AIKIDO_API_KEY — either in your MCP config’s env block (examples below) or as a system env var. When set, AIKIDO_API_KEY takes precedence over the cached browser token.

Add to your IDE or agent

Below are example configurations. They use the browser sign-in flow. To use AIKIDO_API_KEY instead, add an env block to any of them — see Using AIKIDO_API_KEY.

Cursor

Go to Settings > Cursor Settings > MCP & Integrations > New MCP server

Add the following configuration to your Cursor ~/.cursor/mcp.json file. See Cursor MCP docs for more info.

{
  "mcpServers": {
    "aikido": {
      "command": "npx",
      "args": ["-y", "@aikidosec/mcp"]
    }
  }
}

Windsurf

Add the following config to ~/.codeium/windsurf/mcp_config.json. See Windsurf MCP docs for more info.

{
  "mcpServers": {
    "aikido": {
      "command": "npx",
      "args": ["-y", "@aikidosec/mcp"]
    }
  }
}

VS Code

Open the VS Code Command Palette by using Ctrl+⇧Shift+P or ⌘Command+⇧Shift+P (macOS). Type MCP: Open User Configuration. Add the following config to the MCP config file. See VS Code MCP docs for more info.

{
  "servers": {
    "aikido": {
      "command": "npx",
      "args": ["-y", "@aikidosec/mcp"]
    }
  }
}

Using AIKIDO_API_KEY

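To use a pre-generated token instead of the browser sign-in flow, add an env block to the server entry in any of the configs above. The example below uses the mcpServers key from the Cursor and Windsurf configs; in the VS Code config the top-level key stays servers.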

{
  "mcpServers": {
    "aikido": {
      "command": "npx",
      "args": ["-y", "@aikidosec/mcp"],
      "env": {
        "AIKIDO_API_KEY": "your-api-key-here"
      }
    }
  }
}
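
An added example (not part of the Aikido README or the package's own code): a small Node.js check over the config shapes shown above that flags a literal AIKIDO_API_KEY stored in the config file, which the README says can instead be supplied as a system env var, and an npx package spec that is not pinned to an exact version. The function name, finding labels and sample configs are constructed for illustration.

```javascript
// Added example: audits the MCP config shapes shown on this page.
const PLACEHOLDER = "your-api-key-here"; // placeholder string used in the README

// Constructed sample: literal token in the file, package spec without a version.
const SAMPLE_RISKY = JSON.stringify({
  mcpServers: { aikido: { command: "npx", args: ["-y", "@aikidosec/mcp"],
    env: { AIKIDO_API_KEY: "constructed-token-not-real" } } }
});
// Constructed sample: VS Code shape, exact version, token left to the system env.
const SAMPLE_PINNED = JSON.stringify({
  servers: { aikido: { command: "npx", args: ["-y", "@aikidosec/mcp@1.0.12"] } }
});

function auditMcpConfig(jsonText) {
  const config = JSON.parse(jsonText);
  // Cursor and Windsurf use "mcpServers"; VS Code uses "servers".
  const servers = { ...(config.mcpServers || {}), ...(config.servers || {}) };
  const findings = [];
  for (const [name, entry] of Object.entries(servers)) {
    const key = entry.env && entry.env.AIKIDO_API_KEY;
    // A real-looking literal means the token sits in plaintext in the config file.
    if (typeof key === "string" && key !== "" && key !== PLACEHOLDER) {
      findings.push({ server: name, issue: "hardcoded-token" });
    }
    if (entry.command !== "npx") continue;
    for (const arg of entry.args || []) {
      if (typeof arg !== "string" || arg.startsWith("-")) continue; // skip flags (-y)
      // Require name@x.y.z; a bare name or a dist-tag is resolved at run time.
      if (!/.@\d+\.\d+\.\d+/.test(arg)) {
        findings.push({ server: name, issue: "unpinned-package", spec: arg });
      }
      break; // the first non-flag argument is the package spec
    }
  }
  return findings;
}

console.log(auditMcpConfig(SAMPLE_RISKY));
console.log(auditMcpConfig(SAMPLE_PINNED));
```

Pinning to a reviewed version means upgrades are a deliberate config change rather than whatever npx resolves on the next launch.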
