How to Use the CrowdSec MCP in Cline

Q: Will Cline automatically ban IPs using CrowdSec?

The agent reads data from getctismoke and local decisions. It can write code to implement bans, but it requires your permission before executing shell commands that alter system firewalls.

Q: How does the stream tool work in VS Code?

The agent sets up a loop calling getdecisionsstream. This pulls incremental changes from the local API rather than downloading the entire ban list repeatedly.

Turn Cline into a security engineer. Connect CrowdSec to VS Code and watch it build threat dashboards or automate IP blocks.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect CrowdSec MCP to Cline

Create your Vinkius account to connect CrowdSec to Cline and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup CrowdSec with Cline

Ask AI about this MCP

ChatGPT

Claude

Perplexity

CrowdSec MCP Server Integration

Cline takes raw threat intelligence and turns it into working infrastructure. You tell it to build an admin panel for banned IPs. It immediately uses `get_decisions` to pull the active blocklist from your local API. The agent doesn't stop at fetching data. It writes the React components, maps the API response to your table UI, and spins up the preview. You get a fully functional security dashboard without writing a single line of code.

Live Polling for Threat Updates

Static lists get stale fast. Cline can write backend services that ingest live security events. It sets up a polling mechanism using `get_decisions_stream` to catch new and deleted bans the second they hit the CrowdSec LAPI. Your agent then wires that stream into a WebSocket server or a database update script. It handles the entire pipeline from the initial API connection to the final data storage logic.

Instant CTI Reputation Checks

Analyzing log files manually is a waste of time. When you paste a suspicious Nginx error into VS Code, Cline grabs the IP and fires off `get_cti_smoke`. It reads the global reputation score instantly. Based on that score, the agent can write an iptables rule or update your cloud security group configuration. It executes the full loop from detection to remediation right inside your editor.

Setup guide

Set up CrowdSec MCP in Cline

Prerequisites

VS Code with Cline extension installed
Active Vinkius subscription with a valid endpoint token

1

Open Cline MCP settings

Click the Cline icon in the VS Code sidebar to open the Cline panel. Then click the MCP Servers icon (server stack) at the top-right corner of the panel.
2

Add a remote server

Click "Remote Servers" at the top, then click "Add Remote MCP". In the Name field, type crowdsec-mcp. In the URL field, paste your Vinkius endpoint: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp. Get your token from cloud.vinkius.com.
3

Enable the server

After saving, the server appears in the Cline MCP panel. Toggle the switch to enable it. The status indicator turns green when the connection is live.
4

Start using tools

Return to the Cline chat and ask: "Check my latest CrowdSec refund status." Cline will discover the available tools and request your approval before invoking each one — giving you full control over every action.

Cline MCP Settings

{
  "mcpServers": {
    "crowdsec-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by CrowdSec. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect CrowdSec now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about CrowdSec MCP in Cline

Click the MCP Servers icon in the Cline sidebar. Use the Marketplace tab for instant setup, or edit `cline_mcp_settings.json` to add the Vinkius endpoint.

The agent reads data from `get_cti_smoke` and local decisions. It can write code to implement bans, but it requires your permission before executing shell commands that alter system firewalls.

Yes. Cline excels at end-to-end task execution. It will pull the threat data, write the backend logic, and create the frontend interface in one continuous session.

The agent sets up a loop calling `get_decisions_stream`. This pulls incremental changes from the local API rather than downloading the entire ban list repeatedly.

Your local ban lists and queried IP addresses remain strictly scoped to the current task. We execute the connection inside an ephemeral V8 isolate. Once the VS Code session ends, the authentication token dies with it.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript