How to Use the Intruder MCP in VS Code Copilot

Q: How do I set up the Intruder MCP server for my team in VS Code Copilot?

Create a .vscode/mcp.json file in your repository root and add the server configuration. Commit this file to Git so every developer on your team gets instant access to the security tools.

Q: How do we verify our license usage using this MCP server?

Run the listlicences tool to return your active subscription and target capacity details. This helps your team verify if you have enough license room before adding new targets to your cloud integrations.

Track live vulnerability scans and audit target assets directly within VS Code Copilot across your entire development team.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Intruder MCP to VS Code Copilot

Create your Vinkius account to connect Intruder to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Intruder with VS Code Copilot

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Audit live vulnerability issues in VS Code Copilot

The `list_issues` tool fetches your complete security backlog directly into your VS Code Copilot chat. Developers can instantly check active vulnerability lists without leaving their workspace or opening a web browser. When a specific flaw needs investigation, use `get_issue` to pull down detailed remediation advice. VS Code Copilot reads this context to help your team write secure code that resolves the issue.

Monitor infrastructure targets inside your workspace

The `list_targets` tool exposes your complete list of scanned assets directly to VS Code Copilot. This makes it simple to verify which servers are currently monitored during your deployment pipelines. Use `get_target` to inspect specific asset tags and metadata to ensure your staging and production environments are covered. If you need to verify how new targets are discovered, run `list_cloud_integrations` to inspect your cloud setup.

Track and audit security scans from your editor

The `list_scans` tool retrieves your security assessment history directly in the VS Code Copilot chat window. Your team can quickly verify when the last scan ran and track overall testing frequency. Pass a scan ID to `get_scan` to retrieve a summary of findings and targets included in that run. VS Code Copilot uses this data to confirm that recent commits have not triggered new security alerts.

Setup guide

Set up Intruder MCP in VS Code Copilot

Prerequisites

VS Code 1.99 or later with GitHub Copilot extension
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create .vscode/mcp.json in your workspace.
2

Add the Intruder MCP

Paste the JSON snippet shown on the right into your .vscode/mcp.json. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Switch to Agent mode

Open Copilot Chat (Cmd+Shift+I / Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes.
4

Verify the connection

In the Copilot Chat input, type # to list available tools. You should see the Intruder tools listed. Try asking: "List my recent Intruder transactions" and Copilot will invoke them automatically.

.vscode/mcp.json

{
  "mcpServers": {
    "intruder-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Intruder. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Intruder now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Intruder MCP in VS Code Copilot

Create a `.vscode/mcp.json` file in your repository root and add the server configuration. Commit this file to Git so every developer on your team gets instant access to the security tools.

No, this integration does not support starting new scans. You use `list_scans` and `get_scan` to audit previous security assessments and check their results directly from your chat.

It only requires access to your personal or team API token to read vulnerability and target data. The integration does not have write permissions, meaning it cannot alter your cloud configurations.

Run the `list_licences` tool to return your active subscription and target capacity details. This helps your team verify if you have enough license room before adding new targets to your cloud integrations.

No, your vulnerability findings, target lists, and account metadata remain completely private. The server executes locally within your VS Code sandbox and communicates directly with the secure API, ensuring no data is intercepted.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript