Summary
Connects Claude and other MCP clients to the ExposureGuard domain security API. You get four tools: scan_domain runs a full security audit with 8 checks and returns an A-F grade plus findings, get_grade pulls cached results for speed, get_remediation spits out copy-paste fix snippets for failing checks, and get_dependencies shows third-party scripts loaded by a domain. Scans take around 8 seconds. Useful when you're auditing sites in conversation or need security context without leaving your editor. Requires an ExposureGuard API key from their dashboard. Rate limits apply based on your plan tier.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Tools
Public tool metadata for what this MCP can expose to an agent.
4 tools
scan_domainRun a comprehensive 8-point security audit on any domain. Checks SPF (email spoofing prevention), DMARC (email authentication policy), SSL/TLS certificate validity, HTTPS redirect enforcement, security headers (X-Frame-Options, Content-Security-Policy, Strict-Transport-Securit...1 params
Run a comprehensive 8-point security audit on any domain. Checks SPF (email spoofing prevention), DMARC (email authentication policy), SSL/TLS certificate validity, HTTPS redirect enforcement, security headers (X-Frame-Options, Content-Security-Policy, Strict-Transport-Securit...
Parameters* required
domainstringThe domain name to scan, without protocol or path (e.g. 'example.com', 'api.stripe.com')
get_gradeRetrieve the most recent cached security grade for a domain without triggering a new scan. Returns the letter grade (A-F), numeric score (0-100), and timestamp of when the grade was last calculated. Results may be up to 24 hours old. Use this for quick lookups when you need a...1 params
Retrieve the most recent cached security grade for a domain without triggering a new scan. Returns the letter grade (A-F), numeric score (0-100), and timestamp of when the grade was last calculated. Results may be up to 24 hours old. Use this for quick lookups when you need a...
Parameters* required
domainstringThe domain name to look up (e.g. 'example.com')
get_remediationGet actionable, copy-paste fix instructions for every failing security check on a domain. Returns specific DNS TXT records to add (SPF, DMARC), server configuration snippets (Nginx, Apache, Cloudflare) for security headers and HTTPS redirects, and step-by-step instructions for...1 params
Get actionable, copy-paste fix instructions for every failing security check on a domain. Returns specific DNS TXT records to add (SPF, DMARC), server configuration snippets (Nginx, Apache, Cloudflare) for security headers and HTTPS redirects, and step-by-step instructions for...
Parameters* required
domainstringThe domain to get fix instructions for (e.g. 'example.com')
get_dependenciesDiscover all third-party scripts, stylesheets, fonts, images, and iframes loaded by a domain's website. Returns each external resource with its type (script/stylesheet/image/iframe), host, and full URL. Useful for supply-chain risk assessment — reveals what external services t...1 params
Discover all third-party scripts, stylesheets, fonts, images, and iframes loaded by a domain's website. Returns each external resource with its type (script/stylesheet/image/iframe), host, and full URL. Useful for supply-chain risk assessment — reveals what external services t...
Parameters* required
domainstringThe domain to analyze for third-party dependencies (e.g. 'example.com')
ExposureGuard MCP Server
An MCP (Model Context Protocol) server that connects AI assistants to the ExposureGuard domain security scanning API.
Tools
| Tool | Description |
|---|---|
scan_domain | Full security scan — 8 checks, A-F grade, score, findings, report URL (~8s) |
get_grade | Cached grade lookup (up to 24h old) — fast, no new scan triggered |
get_remediation | Copy-paste fix snippets for all failing checks |
get_dependencies | Third-party scripts/resources loaded by the domain |
Setup
1. Get an API Key
Sign up at getexposureguard.com and grab your API key from the dashboard.
2. Install
# Option A: pip install (recommended)
pip install -e /path/to/exposureguard-mcp
# Option B: just install deps
pip install mcp httpx
3. Configure Your AI Client
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"exposureguard": {
"command": "python",
"args": ["-m", "exposureguard_mcp.server"],
"env": {
"EXPOSUREGUARD_API_KEY": "your-api-key-here"
}
}
}
}
If you installed as a package, you can also use:
{
"mcpServers": {
"exposureguard": {
"command": "exposureguard-mcp",
"env": {
"EXPOSUREGUARD_API_KEY": "your-api-key-here"
}
}
}
}
Cursor
Edit .cursor/mcp.json in your project root (or globally at ~/.cursor/mcp.json):
{
"mcpServers": {
"exposureguard": {
"command": "python",
"args": ["-m", "exposureguard_mcp.server"],
"env": {
"EXPOSUREGUARD_API_KEY": "your-api-key-here"
}
}
}
}
Windsurf
Edit ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"exposureguard": {
"command": "python",
"args": ["-m", "exposureguard_mcp.server"],
"env": {
"EXPOSUREGUARD_API_KEY": "your-api-key-here"
}
}
}
}
VS Code (Copilot)
Edit .vscode/mcp.json in your project:
{
"servers": {
"exposureguard": {
"type": "stdio",
"command": "python",
"args": ["-m", "exposureguard_mcp.server"],
"env": {
"EXPOSUREGUARD_API_KEY": "your-api-key-here"
}
}
}
}
4. Usage Examples
Once connected, ask your AI assistant:
- "Scan example.com for security issues"
- "What's the security grade for cloudflare.com?"
- "Show me how to fix the security issues on my-site.com"
- "What third-party scripts does shopify.com load?"
Running Standalone
export EXPOSUREGUARD_API_KEY=your-api-key-here
python -m exposureguard_mcp.server
The server communicates over stdio using the MCP protocol — it's designed to be launched by an MCP client, not used interactively.
Rate Limits
Rate limits depend on your ExposureGuard plan. If you hit a 429 response, the server will return a message suggesting you upgrade at getexposureguard.com/pricing.
Publishing
PyPI
pip install build twine
python -m build
twine upload dist/*
Then users install with: pip install exposureguard-mcp
npm
npm publish
Then users install with: npx exposureguard-mcp
License
MIT
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packageexposureguard-mcp
TransportSTDIO
UpdatedMar 31, 2026
