How to Use the CrowdSec MCP in Claude Code

Q: How do I configure the CrowdSec MCP Server for Claude Code?

Run claude mcp add --transport http crowdsec-mcp -- . Make sure all flags precede the server name. The config saves to /.claude.json.

Pipe CrowdSec threat intelligence straight into your terminal. Claude Code checks IP reputation and local bans without a GUI.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect CrowdSec MCP to Claude Code

Create your Vinkius account to connect CrowdSec to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup CrowdSec with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Terminal-Native CrowdSec MCP Server

DevOps engineers live in the shell. When an alert fires at 3 AM, you want answers fast. Claude Code executes `get_cti_smoke` directly from your command line to check an offending IP against the global reputation database. The result pipes straight back into your terminal session. You can then ask the agent to grep your access logs for that specific address and generate a shell script to drop the traffic.

Audit Local API Decisions

Managing firewalls requires knowing exactly what your system is currently blocking. You tell your terminal agent to fetch the active ban list. It runs `get_decisions` against the local CrowdSec instance and returns the raw data. Claude Code parses that output immediately. It can format the raw JSON into a readable table, filter for specific subnets, or compare the active bans against your cloud provider's security groups.

Headless Threat Monitoring

CI/CD pipelines and cron jobs need automated security checks. You can script Claude Code to run headless, polling `get_decisions_stream` every few minutes to look for newly dropped threats. If a new ban appears, the agent can trigger a webhook or update a remote firewall configuration file. The entire workflow happens asynchronously without any browser or IDE getting in the way.

Setup guide

Set up CrowdSec MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see crowdsec-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest CrowdSec transactions." It will automatically discover and invoke the available CrowdSec tools.

Terminal

claude mcp add --transport http crowdsec-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the CrowdSec MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "crowdsec-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by CrowdSec. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect CrowdSec now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about CrowdSec MCP in Claude Code

Run `claude mcp add --transport http crowdsec-mcp -- `. Make sure all flags precede the server name. The config saves to `~/.claude.json`.

Yes. The terminal agent runs headless. You can trigger IP reputation checks during a deployment step to ensure your staging environment avoids known malicious actors.

It queries the global threat intelligence database for a specific IP. Your CLI agent receives a risk score and known attack categories associated with that address.

You can have the agent read your log file, extract the suspicious IPs, and feed them into the CTI tool one by one. It automates the manual copy-pasting usually required for incident response.

Vinkius routes your API token and IP queries through a zero-trust architecture. We process the `get_decisions` payload inside a temporary sandbox that self-destructs the moment the command exits. No logs persist.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript