StackHawk MCP. Run DAST scans and manage vulnerabilities via chat.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
StackHawk connects your AI agent directly to a DAST platform, letting you run automated security scans and manage vulnerabilities through natural language commands.
Use it to initiate `run_scan` across various environments, list applications with `list_applications`, or immediately triage alerts using `triage_alert`. It takes the guesswork out of threat assessment for CI/CD pipelines.
What your AI agents can do
Get application details
Fetches the specific configuration details for a single StackHawk application.
Get organization details
Retrieves overall stackhawk organization data, including subscription and account tier information.
Get scan alerts
Downloads specific security vulnerability alerts discovered during a DAST scan run.
Initiates new security evaluations on an application or securely halts existing scans.
Lists all registered applications and the specific deployment environments (like Production or Staging) they are running in.
Downloads individual vulnerability details (get_scan_alerts) or gets high-level metadata for any finished scan run.
Obtains the necessary bearer access token using login to authorize all subsequent security API calls.
Changes the status of a discovered alert—marking it as accepted risk or a false positive—using triage_alert.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
StackHawk MCP Server: 10 Tools for Security Management
These tools let your AI client manage everything from initial authentication and application discovery to running scans and correcting vulnerability statuses.
019d760cget application details
Fetches the specific configuration details for a single StackHawk application.
019d760cget organization details
Retrieves overall stackhawk organization data, including subscription and account tier information.
019d760cget scan alerts
Downloads specific security vulnerability alerts discovered during a DAST scan run.
019d760cget scan results
Gets the complete set of detailed results and metadata for a specific DAST scan execution ID.
019d760clist api keys
Lists all API keys configured within your StackHawk organization, useful for auditing access hygiene.
019d760clist applications
Lists every DAST application registered to the current StackHawk organization.
019d760clist environments
Shows all configured scan environments (e.g., Staging, Production) for a given stackhawk application.
019d760clist scans
Provides a list of all completed DAST scan runs, including IDs and summary alert counts.
019d760clogin
Authenticates your agent using an API token to obtain the required bearer access token for all other tool calls.
019d760ctriage alert
Updates a specific security alert's status (e.g., false positive, risk accepted) in the system record.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with StackHawk, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
You're gonna connect your AI agent directly to StackHawk, so you can run DAST security scans and manage vulnerabilities using nothing but natural language commands. It takes the guesswork out of threat assessment for CI/CD pipelines.
First, you gotta authenticate. You use login to verify your agent with an API token; this action grabs the bearer access token necessary for every single other tool call.
When it comes to finding what you're testing, you start by listing available deployments. You run list_applications to see every DAST application registered in the StackHawk organization. Then, for any specific app, you pull its configuration details using get_application_details. To understand where those apps are actually running—like Staging or Production—you call list_environments against a given stackhawk application.
For managing your security posture, you initiate scans. You can run new evaluations on an app's environment and halt existing scans if you need to stop them quickly.
Once the scan finishes, you get results in stages. To see a summary of historical runs, you use list_scans, which gives you IDs and high-level counts of alerts for every completed DAST run. If you need the deep metadata and detailed findings from one specific run ID, you call get_scan_results.
For actionable vulnerability details, you download individual security alerts using get_scan_alerts.
After pulling all those raw findings, you gotta triage them. You use triage_alert to change an alert's status in the system record—mark it as a false positive or accept the risk. For internal hygiene and auditing access, you check which keys are active by running list_api_keys, which shows all configured API keys within the organization.
How StackHawk MCP Works
- 1 First, you tell your AI client to run
loginto authenticate and grab the necessary bearer token. This token authorizes all subsequent calls. - 2 Next, you instruct your agent to use a discovery tool like
list_applicationsorlist_environmentsto confirm the scope of the target system. - 3 Finally, tell it what to do: 'Run a scan against Production' (
run_scan), and then ask for the findings usingget_scan_alerts.
The bottom line is that your AI client handles the sequence of calls—from authentication to discovery to action—so you just need to state the security objective.
Who Is StackHawk MCP For?
This is for DevSecOps Engineers and Backend Developers who are sick of manually clicking through dashboard tabs after a failed build. If your job involves verifying that a new microservice deployment didn't introduce a critical vulnerability, this is your tool. You need to act on findings immediately, not just read reports.
Needs to programmatically run scans (run_scan) and then use triage_alert to update risk statuses for newly discovered vulnerabilities without opening a web UI.
Wants to check if their latest code push broke security, quickly pulling the top 5 critical alerts using get_scan_alerts directly into the terminal output.
Requires visibility across multiple services, listing all deployed applications via list_applications to ensure full organizational coverage before an audit.
What Changes When You Connect
- You get to triage alerts using
triage_alertdirectly through conversation. Instead of opening a ticket system, you tell the agent 'Mark this SQL injection as false positive,' and it updates the record immediately. - It lets you run automated scans (
run_scan) on demand. You don't wait for scheduled pipeline jobs; you just instruct your agent to audit an environment right now. - You can quickly scope your investigation by using
list_applicationsandlist_environments. This tells you exactly what services are deployed and where they run—all before you start scanning. - The server provides a single way to get deep findings. Using
get_scan_alertspulls only the vulnerability details you need, bypassing pages of irrelevant metadata. - It makes auditing easy with
list_scans. Instead of digging through dates and IDs in a dashboard, your agent just lists all scan runs for you.
Real-World Use Cases
Immediate Production Hotfix Audit
A developer finds strange behavior on the staging environment. They tell their agent: 'List environments for Payment-Gateway-Core, then run a quick scan against Staging.' The agent calls list_environments and then executes run_scan. This gives them instant coverage without waiting for CI/CD.
Tidying Up False Positives
A security team reviews 50 alerts from last night's scan. Instead of manually logging into the system, they ask their agent to find all 'XSS' alerts and use triage_alert on a list provided by get_scan_alerts, marking them as 'FALSE_POSITIVE' in bulk.
Pre-Audit Scope Check
A security architect needs to audit compliance across the whole company. They first use list_applications to get a complete catalog of every service and then run get_organization_details to confirm billing/tier status before writing any reports.
Debugging Scan Failures
The CI pipeline failed because the scan results were incomplete. Instead of guessing, the developer instructs their agent to use list_scans to find the last successful UUID, and then calls get_scan_results using that ID to get the full technical metadata.
The Tradeoffs
Treating it like a simple API call
Just running 'Get all vulnerabilities' and hoping for structured data. This usually returns raw JSON blobs that are hard to interpret without context.
→
You must first login to get the token, then use list_scans to find a specific scan ID, and finally pass that ID into get_scan_results. The agent handles this sequence.
Forgetting scope checks
Running run_scan against the wrong environment (e.g., running a destructive test on Production).
→
Always confirm the target first. Use list_applications to verify the name, and then use list_environments to ensure you are targeting 'Staging' or 'Test,' not production.
Over-relying on dashboard views
Spending 20 minutes clicking through a web UI just to find one specific alert status.
→
Use get_scan_alerts to download the raw data, and then pass that dataset directly to your agent with instructions like: 'Find all alerts concerning User Auth.' This is faster.
When It Fits, When It Doesn't
You should use this MCP Server if your primary need is programmatic security validation against a running application. If you're trying to assess compliance based on industry standards (like PCI-DSS), you might need a different type of specialized tool that maps findings to specific regulatory controls, not just one that runs the scan itself.
Don't use this if all you need is basic endpoint validation (e.g., confirming an API key exists). For simple checks, a dedicated credential management tool or a lightweight unit test library works better. However, when you need to simulate a full attack surface assessment—finding things like Cross-Site Scripting or SQL Injection flaws—this server gives you the necessary depth by exposing tools like run_scan and get_scan_alerts.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by StackHawk. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 10 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Manually checking security reports is a time sink.
Today, if your team needs to audit an application, someone has to log into the dashboard. They click 'Scan,' wait 20 minutes for it to finish, then they have to navigate through dozens of categories—High, Medium, Low. Then they copy-paste critical findings into a Jira ticket, often forgetting which environment or scan ID they pulled that alert from.
With the StackHawk MCP Server, you just talk to your agent. Say: 'What are the top 3 issues in the staging core?' The agent handles running `list_applications`, calling `get_scan_alerts` for the right scope, and spitting out a clean list of vulnerabilities with their IDs. You get actionable data, period.
StackHawk MCP Server: Triage alerts instantly.
The worst part about finding vulnerabilities is the follow-up. An alert pops up—'SQL Injection Detected!'—and someone has to manually confirm if it's a real threat or just a false positive, then update the ticket status in three different systems.
Now, you simply tell your agent: 'Look at this alert ID and mark it as FALSE_POSITIVE.' The agent executes `triage_alert`, updating the source of truth instantly. It cuts out the manual handoffs between security teams and development teams.
Common Questions About StackHawk MCP
How do I start a scan using StackHawk MCP Server? +
You need to use run_scan. Your agent will prompt you for the application ID, target environment, and scope. It handles the complex API setup so you don't have to.
What is the difference between `list_scans` and `get_scan_results`? +
list_scans gives you a summary list of all runs (ID, high-level count). You use that ID with get_scan_results to download the full technical metadata package.
Can I mark an alert as false positive using StackHawk MCP Server? +
Yes. Use the triage_alert tool and provide the specific alert ID along with one of the valid statuses, like 'FALSE_POSITIVE.' This updates the system record.
What do I need before running any other StackHawk tools? +
You must call login first. This tool authenticates your agent and provides a bearer token that all subsequent calls (like list_applications) require to work.
How do I check my subscription status and overall account limits using `get_organization_details`? +
It retrieves your organization's current details and subscription tier. This lets you know what features are available to you within StackHawk, helping prevent unexpected rate limit errors during complex workflows.
If I suspect a key issue, how can I use `list_api_keys` to check for stale or unnecessary credentials? +
This tool lists all API keys associated with your organization. It's critical for security hygiene; you should audit this list regularly and revoke any keys that are no longer needed.
Before running a scan, how do I verify the available deployment stages using `list_environments`? +
This command shows every configured environment (like Staging or Dev) for an application. You need this list to ensure your AI client targets the correct scope and doesn't accidentally hit production.
What is the best way to download raw data for a single vulnerability using `get_scan_alerts`? +
It downloads granular details for one specific alert found during a DAST scan. This provides actionable context—like exact payload examples or CWE identifiers—that summary reports often skip.
Are scans executed locally or in the cloud? +
Scans run on the StackHawk cloud infrastructure. The MCP integration only triggers and monitors them — no heavy processing happens in your AI context.
Why is the `login` step required? +
The StackHawk API uses short-lived Bearer tokens. The login tool exchanges your API key for a session token that authenticates all subsequent requests.
Can the agent triage alerts automatically? +
Yes. Use triage_alert to mark specific vulnerabilities as false positives, accepted risks, or confirmed issues. Each triage action targets a single alert by ID.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
DNSimple
Manage domains, DNSSEC, and email forwarding via DNSimple — list accounts, control domains, and manage DS records directly from your AI agent.
Mitto
Automate SMS messaging and 2FA verification via Mitto — send single or bulk messages, verify OTPs, and lookup phone numbers directly from your AI agent.
Atlassian Crowd
Equip your AI agent to manage users, groups, and directory memberships via the Atlassian Crowd API.
You might also like
Edamam
Analyze nutrition from natural language, search recipes with dietary filters, and access a comprehensive food database with Edamam's AI-powered platform.
Phone Validator Engine
Stop LLMs from hallucinating phone numbers. Validates and formats numbers to E.164 natively.
BugSnag
Monitor application errors via BugSnag — track stability, inspect error groups, and retrieve event details directly from any AI agent.