How to Use the Intruder MCP in Windsurf

Q: Can Windsurf automate patching using the Intruder MCP Server?

Yes, but you maintain control. The agent uses getissue to provide exact fix instructions, then you execute the code changes.

Q: Is my cloud data safe when using Intruder with Windsurf?

The server only reads the metadata you allow. It uses listcloudintegrations to check configurations without exposing your actual infrastructure keys.

Q: How do I verify if my assets are being scanned?

Use listscans to see the last time an asset was checked. It gives you the full history of your security posture.

Q: What happens if a scan fails in Windsurf?

The server reports scan status via getscan. You can see duration and results immediately to troubleshoot the failure.

Get real-time security visibility directly inside Windsurf by letting Cascade query your Intruder data.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Intruder MCP to Windsurf

Create your Vinkius account to connect Intruder to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Intruder with Windsurf

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automated security posture audits

Cascade uses `list_issues` to pull your entire vulnerability backlog into your workspace context. It groups findings by severity so you can see exactly where the biggest risks hide. Once it identifies a critical flaw, it calls `get_issue` to grab specific remediation steps. You get actionable intelligence without leaving your editor.

Dynamic infrastructure monitoring

Keep your target list current by having Windsurf run `list_targets` whenever you update your infrastructure. If a new asset appears, the agent flags it for immediate scanning. It verifies coverage using `list_scans` to ensure no environment goes unmonitored. You stop guessing which assets are active and start patching actual exposure.

Cloud integration oversight

Cascade checks your cloud footprint using `list_cloud_integrations` to confirm Intruder is reaching every bucket and instance. It reconciles your cloud inventory with your security scans automatically. This makes sure your security perimeter matches your production environment. You get a clear view of your account status via `get_account` to prevent configuration drift.

Setup guide

Set up Intruder MCP in Windsurf

Prerequisites

Windsurf IDE installed (macOS, Windows, or Linux)
Active Vinkius subscription with a valid endpoint token

1

Open MCP configuration

Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.
2

Add the Intruder MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Refresh MCPs

Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.
4

Verify in Cascade

Start a new Cascade conversation and ask something like "Show my Intruder payment history." If connected, Cascade will call the Intruder tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json

{
  "mcpServers": {
    "intruder-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Intruder. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Intruder now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Intruder MCP in Windsurf

It provides a direct line to your scan findings. Windsurf uses `list_issues` to pull the latest security data into your chat panel for immediate review.

Yes, but you maintain control. The agent uses `get_issue` to provide exact fix instructions, then you execute the code changes.

The server only reads the metadata you allow. It uses `list_cloud_integrations` to check configurations without exposing your actual infrastructure keys.

Use `list_scans` to see the last time an asset was checked. It gives you the full history of your security posture.

The server reports scan status via `get_scan`. You can see duration and results immediately to troubleshoot the failure.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python