AI-native security scanning for Claude, Cursor, Copilot, Windsurf, and any MCP-compatible AI agent.
When you add Precogs to your AI agent, it gains the ability to:
- 🔍 Scan code for security vulnerabilities (SQL injection, XSS, command injection, etc.)
- 🔐 Detect PII & secrets (API keys, passwords, emails, tokens in code)
- 🛠️ Generate fixes with AI-powered code remediation
- 📦 Check dependencies for known CVEs
- ☁️ Scan IaC (Terraform, CloudFormation, Kubernetes)
- 🧠 Explain vulnerabilities (CWE definitions, attack vectors, remediation)
- 🗺️ Threat model applications using STRIDE methodology
Sign up at app.precogs.ai and create an API key.
npm install -g precogs-mcp-serverClaude Desktop (~/.config/claude/claude_desktop_config.json):
{
"mcpServers": {
"precogs": {
"command": "precogs-mcp-server",
"env": {
"PRECOGS_API_KEY": "pk_live_xxxxxxxxxxxx"
}
}
}
}Cursor (Settings → MCP Servers):
{
"mcp.servers": {
"precogs": {
"command": "precogs-mcp-server",
"env": {
"PRECOGS_API_KEY": "pk_live_xxxxxxxxxxxx"
}
}
}
}VS Code (Copilot) (.vscode/mcp.json):
{
"servers": {
"precogs": {
"command": "precogs-mcp-server",
"env": {
"PRECOGS_API_KEY": "pk_live_xxxxxxxxxxxx"
}
}
}
}| Tool | Description | Token cost |
|---|---|---|
precogs_scan_local_content |
Scan code for vulnerabilities (primary tool) | 1 |
precogs_check_pii |
Detect PII, secrets, and credentials | 1 |
precogs_scan_code |
Full SAST scan on a registered project | varies |
precogs_scan_dependencies |
SCA scan for vulnerable packages | 1 |
precogs_scan_iac |
Infrastructure as Code scan | 1 |
| Tool | Description | Token cost |
|---|---|---|
precogs_get_scan_results |
Get results from a triggered scan | 0 |
precogs_list_vulnerabilities |
List vulnerabilities with filters | 0 |
precogs_get_vulnerability |
Get vulnerability details | 0 |
precogs_dashboard |
Security overview with metrics | 0 |
| Tool | Description | Token cost |
|---|---|---|
precogs_get_ai_fix |
AI-generated fix for a vulnerability | 0 |
precogs_verify_fix |
Re-scan fixed code to verify resolution | 1 |
| Tool | Description | Token cost |
|---|---|---|
precogs_explain_vulnerability |
Explain a CWE or vulnerability type | 0 |
| Tool | Description | Token cost |
|---|---|---|
precogs_list_projects |
List registered projects | 0 |
precogs_get_project |
Get project details | 0 |
| Resource | Description |
|---|---|
precogs://security-policy |
Organization security policy and rules |
precogs://dashboard |
Current security posture overview |
| Prompt | Description |
|---|---|
security_review |
OWASP-based comprehensive code security review |
fix_vulnerability |
Structured vulnerability remediation workflow |
threat_model |
STRIDE-based threat modeling for applications |
User: Check this Python function for security issues
def login(username, password):
query = f"SELECT * FROM users WHERE name='{username}'"
cursor.execute(query)
return cursor.fetchone()
Claude: I'll scan this code with Precogs AI...
[Uses precogs_scan_local_content]
🔴 Critical: SQL Injection (CWE-89) on line 2
User input directly interpolated into SQL query.
Fix: Use parameterized queries:
cursor.execute("SELECT * FROM users WHERE name=%s", (username,))
User: Do a security review of my auth module
Claude: I'll perform a comprehensive review using the Precogs security review framework...
[Uses security_review prompt + precogs_scan_local_content tool]
User: Create a threat model for our payment processing API
Claude: I'll create a STRIDE threat model...
[Uses threat_model prompt]
| Variable | Description | Required |
|---|---|---|
PRECOGS_API_KEY |
Your Precogs API key (pk_live_xxx) |
Yes |
PRECOGS_BASE_URL |
Custom API URL (default: https://api.precogs.ai/api/v1) |
No |
git clone https://github.com/PrecogsAI/precogs-mcp-server
cd precogs-mcp-server
npm install
npm run build
# Run in dev mode
PRECOGS_API_KEY=pk_live_xxx npm run devMIT — see LICENSE for details.
Built by Precogs AI — AI-native code, binary, and data security.