MCP Server Integration
Firmis can run as an MCP (Model Context Protocol) server, exposing security scanning as tools that AI agents can call directly. This lets coding agents like Claude Code, Cursor, and others scan for vulnerabilities as part of their workflow.
Add to your Claude Code MCP config (~/.claude/mcp.json or project-level):

```json
{
  "mcpServers": {
    "firmis": {
      "command": "npx",
      "args": ["firmis-cli", "mcp"]
    }
  }
}
```

Add to your Cursor MCP config (.cursor/mcp.json):

```json
{
  "mcpServers": {
    "firmis": {
      "command": "npx",
      "args": ["firmis-cli", "mcp"]
    }
  }
}
```

Any MCP-compatible agent can use Firmis. Start the server with:

```sh
npx firmis-cli mcp
```

This starts Firmis in MCP server mode using stdio transport. Connect your agent’s MCP client to the process stdin/stdout.
Available Tools
Once connected, your agent has access to 8 tools.
firmis_scan
Scan AI agent configurations for security findings.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to scan (defaults to current) |
| platform | enum | No | Restrict to: claude, mcp, codex, cursor, crewai, autogpt, openclaw, nanobot, supabase |
| severity | enum | No | Minimum severity: low, medium, high, critical |
Returns:

```json
{
  "grade": "B",
  "threatsFound": 5,
  "platformsScanned": 3,
  "componentsScanned": 12,
  "threats": [
    {
      "ruleId": "tool-poisoning-004",
      "category": "tool-poisoning",
      "severity": "high",
      "message": "Tool description contains override instructions",
      "location": "mcp-config.json:15",
      "confidence": 0.85
    }
  ]
}
```

Example agent prompt: “Scan this project for security vulnerabilities”
firmis_discover
Detect all AI agent platforms and components in a project.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to discover (defaults to current) |
Returns:

```json
{
  "platforms": [
    {
      "name": "mcp",
      "type": "mcp-server",
      "componentsFound": 4,
      "components": [
        "mcp-config.json",
        "tools/search.ts",
        "tools/fetch.ts",
        "tools/exec.ts"
      ]
    }
  ]
}
```

Example agent prompt: “What AI agent platforms are in this project?”
firmis_report
Generate an HTML security report from a scan.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to scan (defaults to current) |
| platform | enum | No | Restrict to: claude, mcp, codex, cursor, crewai, autogpt, openclaw, nanobot, supabase |
| severity | enum | No | Minimum severity: low, medium, high, critical |
| outputPath | string | No | File path for the generated report (defaults to firmis-report.html in project root) |
Returns:

```json
{
  "grade": "B",
  "findingsCount": 5,
  "platformsCount": 3,
  "reportPath": "/Users/you/project/firmis-report.html"
}
```

Example agent prompt: “Generate a security report for this project”
firmis_list_rules
List available detection rules, optionally filtered by category or severity.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| category | string | No | Filter by category (e.g. tool-poisoning, credential-exposure, permission-bypass) |
| severity | enum | No | Filter by severity: low, medium, high, critical |
Returns:

```json
{
  "totalRules": 316,
  "rules": [
    {
      "id": "tool-poisoning-004",
      "name": "Tool description override injection",
      "category": "tool-poisoning",
      "severity": "high",
      "enabled": true
    }
  ]
}
```

Example agent prompt: “Show me all critical detection rules”
firmis_bom
Generate an Agent Bill of Materials (ABOM) for the project.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to analyze (defaults to current) |
Returns:

```json
{
  "platforms": [
    {
      "platform": "mcp",
      "components": 4,
      "threats": 2,
      "componentNames": [
        "mcp-config.json",
        "tools/search.ts",
        "tools/fetch.ts",
        "tools/exec.ts"
      ]
    }
  ],
  "totalComponents": 4,
  "totalThreats": 2,
  "grade": "B"
}
```

Example agent prompt: “Generate a bill of materials for the AI components in this project”
firmis_fix_plan
Generate a remediation plan for findings without applying any changes. Returns actions for review only.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to analyze (defaults to current) |
| severity | enum | No | Minimum severity to include: low, medium, high, critical |
Returns:

```json
{
  "planned": 3,
  "applied": 0,
  "skipped": 1,
  "failed": 0,
  "actions": [
    {
      "ruleId": "tool-poisoning-004",
      "actionType": "rewrite",
      "tier": "guided",
      "filePath": "mcp-config.json",
      "description": "Remove override instructions from tool description",
      "severity": "high"
    }
  ]
}
```

Example agent prompt: “What fixes are recommended for the high-severity findings?”
firmis_deep_scan
Run AI-powered deep analysis on scan findings to confirm or dismiss them. Uses AI credits.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to scan (defaults to current) |
| top | number | No | Limit number of findings analyzed (saves credits) |
Returns:

```json
{
  "confirmed": 3,
  "likelyFalsePositives": 2,
  "creditsUsed": 25,
  "creditsRemaining": 475,
  "findings": [
    {
      "severity": "high",
      "category": "tool-poisoning",
      "message": "Tool description contains override instructions targeting system prompt",
      "confidence": 0.92,
      "reasoning": "The fetch tool description includes 'ignore previous instructions' phrasing that would override agent system prompts when the tool schema is loaded into context."
    }
  ]
}
```

Example agent prompt: “Deep scan the top 5 findings to check for false positives”
firmis_compliance
Map scan findings to compliance framework controls.
Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| path | string | No | Project directory to scan (defaults to current) |
| framework | enum | No | Framework: soc2, ai-act, gdpr, nist-ai-rmf, owasp-agentic, iso-42001, mitre-atlas |
Returns: Compliance evidence mapping findings to framework controls, including control IDs, pass/fail status, and supporting evidence from scan results.
Supported frameworks:
| Framework | Enum value | Description |
|---|---|---|
| SOC 2 | soc2 | Service Organization Control 2 trust criteria |
| EU AI Act | ai-act | European Union AI regulation requirements |
| GDPR | gdpr | General Data Protection Regulation |
| NIST AI RMF | nist-ai-rmf | NIST AI Risk Management Framework |
| OWASP Agentic Top 10 | owasp-agentic | OWASP top risks for agentic AI systems |
| ISO 42001 | iso-42001 | AI management system standard |
| MITRE ATLAS | mitre-atlas | Adversarial threat landscape for AI systems |
Example agent prompt: “Check this project against SOC 2 compliance requirements”
Supported Platforms
The MCP server auto-detects these agent platforms:
- Claude Code Skills
- MCP Servers
- OpenAI Codex Plugins
- Cursor Extensions
- CrewAI Agents
- AutoGPT Plugins
- OpenClaw Skills
- Nanobot Agents
- Supabase
How It Works
- Your AI agent connects to the Firmis MCP server via stdio
- The agent calls firmis_scan or other tools as part of its workflow
- Firmis runs the scan locally and returns structured JSON results
- The agent uses the results to suggest fixes, flag risks, or generate reports
Use Cases
- Code review agents that automatically scan for security issues in PRs
- DevOps agents that check compliance before deployment
- Security copilots that explain findings and suggest remediations
- CI agents that gate merges on security grade
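The stdio exchange described under “How It Works” and the merge-gating use case above, as an added example that is not Firmis or MCP SDK code: it frames the JSON-RPC 2.0 messages an MCP client writes to the server, parses the tools/call reply, and decides whether a PR may merge. The grade scale A to F, the client name and version, and the assumption that Firmis returns its result as the first text content part are assumptions, not something the page states.

```javascript
// Added example, not Firmis or MCP SDK code: frames the JSON-RPC 2.0 messages an
// MCP client writes to the server's stdin, parses the tools/call reply, and
// applies a merge gate on the firmis_scan result (the "CI agents" use case).
const SEVERITY_RANK = { low: 1, medium: 2, high: 3, critical: 4 };
const GRADE_RANK = { A: 5, B: 4, C: 3, D: 2, F: 1 }; // assumed letter-grade scale

// MCP initialize request; protocolVersion and clientInfo are assumed values here.
function buildInitialize(id) {
  return JSON.stringify({ jsonrpc: "2.0", id, method: "initialize", params: {
    protocolVersion: "2024-11-05", capabilities: {},
    clientInfo: { name: "ci-gate", version: "0.1.0" } } });
}

// MCP tools/call request, e.g. buildToolCall(2, "firmis_scan", { severity: "high" }).
function buildToolCall(id, name, args) {
  return JSON.stringify({ jsonrpc: "2.0", id, method: "tools/call",
    params: { name, arguments: args } });
}

// Tool results arrive as result.content[]; assumption: Firmis returns its JSON
// object in the first text part. JSON-RPC errors are surfaced, not swallowed.
function parseScanResult(line) {
  const msg = JSON.parse(line);
  if (msg.error) throw new Error(`MCP error ${msg.error.code}: ${msg.error.message}`);
  const part = (msg.result.content || []).find((c) => c.type === "text");
  if (!part) throw new Error("tool result has no text content");
  return JSON.parse(part.text);
}

// Gate: fail when the grade is below minGrade or any threat at/above minSeverity
// is reported with confidence >= minConfidence. Lower-confidence hits do not
// block; they are candidates for firmis_deep_scan before a human looks at them.
function gate(scan, { minGrade = "B", minSeverity = "high", minConfidence = 0.7 } = {}) {
  const blocking = scan.threats.filter((t) =>
    SEVERITY_RANK[t.severity] >= SEVERITY_RANK[minSeverity] && t.confidence >= minConfidence);
  const gradeOk = GRADE_RANK[scan.grade] >= GRADE_RANK[minGrade];
  return { pass: gradeOk && blocking.length === 0, gradeOk,
    blocking: blocking.map((t) => `${t.ruleId}@${t.location}`) };
}

// Constructed sample reply wrapping the firmis_scan result shown on this page.
const SAMPLE_RESPONSE = JSON.stringify({ jsonrpc: "2.0", id: 2, result: { content: [{
  type: "text", text: JSON.stringify({ grade: "B", threatsFound: 5, platformsScanned: 3,
    componentsScanned: 12, threats: [{ ruleId: "tool-poisoning-004", category: "tool-poisoning",
      severity: "high", message: "Tool description contains override instructions",
      location: "mcp-config.json:15", confidence: 0.85 }] }) }] } });

console.log(buildInitialize(1), buildToolCall(2, "firmis_scan", { severity: "high" }));
console.log(gate(parseScanResult(SAMPLE_RESPONSE))); // pass: false, one blocking finding
```

Each message is written as one line to the server’s stdin; the reply to read from stdout is matched to the request by its id.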
Authentication
The MCP server runs locally and uses your CLI authentication. Most tools work without login. Deep scan and cloud features require firmis login:

```sh
npx firmis-cli login
```

Once authenticated, firmis_deep_scan and credit-based features become available through the MCP tools.