How to Use the Contrast Security MCP in Claude

Q: How does Claude Desktop connect to the Contrast Security MCP Server?

You configure it by editing your claudedesktopconfig.json file. Add the server details under the mcpServers key, then restart Claude Desktop. The hammer icon will appear in your chat, showing the active tools.

Q: How do I search for a specific app using Contrast Security in Claude Desktop?

Just ask Claude to find the app by name. The agent runs searchapplicationsbyname to locate the target, then pulls its status. You don't need to know the exact ID to get started.

Get Contrast Security vulnerability details and application metrics directly inside your Claude Desktop chat.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Contrast Security MCP to Claude Desktop

Create your Vinkius account to connect Contrast Security to Claude Desktop and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Contrast Security with Claude Desktop

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Pull Contrast Security data into Claude Desktop

Your agent uses `list_applications` to pull your active software inventory directly into Claude Desktop. This keeps you from jumping back and forth between your security console and your terminal when you need to inspect an app. You get the live status of your monitored environments right in your chat window. The desktop client runs this MCP server as a local subprocess, meaning your queries are fast. If you need to check who has access to these environments, your agent runs `list_organization_users` and `get_organization_info` without making you click through nested administrative menus.

Real-time vulnerability triage in your chat

When a new alert hits, your agent calls `list_critical_vulnerabilities` to fetch severe security threats inside Claude Desktop. The agent evaluates the threat path and pulls the exact trace data of the vulnerability. You don't have to copy-paste stack traces or vulnerability payloads into your browser anymore. This setup runs through the local stdio transport on your machine. The agent uses `get_vulnerability_details` to analyze the code path and the vulnerability trace side-by-side, helping you write a patch based on actual telemetry rather than guesswork.

Map your attack surface via this MCP Server

Your agent uses `list_monitored_servers` to identify active Contrast agents running across your environments. It matches these servers against your active applications to spot unmonitored gaps in your infrastructure. If you are hunting for a specific bug, the agent uses `search_vulnerabilities` or `list_vulnerability_traces` to find matching patterns across your entire catalog. It gives you a clear view of your security posture without leaving the Claude Desktop interface.

Setup guide

Set up Contrast Security MCP in Claude Web or Desktop

1

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
2

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.
3

Start a conversation

Open a new chat. The Contrast Security MCP tools are available immediately — no restart needed.

Endpoint URL

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

No configuration file needed — paste the URL directly in the Claude web interface.

Available on Free (1 connector), Pro, Max, Team, and Enterprise plans.

Prerequisites

Claude Desktop installed (macOS or Windows)
Active Vinkius subscription with a valid endpoint token

1

Open Claude Desktop Settings

Click the menu icon at the top-left corner, go to Settings → Developer → Edit Config. This opens claude_desktop_config.json in your default text editor.
2

Paste the Contrast Security MCP configuration

Copy the JSON snippet on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Desktop

Close and reopen the application. Claude needs a full restart to load new MCPs — refreshing a conversation is not enough.
4

Verify the connection

Open a new conversation. Click the 🔌 icon at the bottom of the message input. You should see tools listed under contrast-security-mcp.

json

{
  "mcpServers": {
    "contrast-security-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Contrast Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Contrast Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Contrast Security MCP in Claude Desktop

You configure it by editing your `claude_desktop_config.json` file. Add the server details under the `mcpServers` key, then restart Claude Desktop. The hammer icon will appear in your chat, showing the active tools.

Yes, both work. For Claude Web, you add it as a custom connector in your browser settings using the remote HTTPS URL provided by Vinkius. For the Desktop app, you run it locally via stdio.

Claude Desktop can write the fix, but it cannot commit code or modify your servers directly. It uses `get_vulnerability_details` to understand the root cause, writes the corrected code block in chat, and lets you apply it manually.

Just ask Claude to find the app by name. The agent runs `search_applications_by_name` to locate the target, then pulls its status. You don't need to know the exact ID to get started.

Yes, your vulnerability traces and organization metadata are protected. The MCP server runs in a secure Vinkius sandbox, and Claude Desktop only queries the specific endpoints needed for your active prompt. Your raw application security logs never train public models.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript