Bring Threat Intelligence
to Claude Code
Learn how to connect CrowdSec to Claude Code and start using 3 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the CrowdSec MCP Server?
Connect your CrowdSec security engine to any AI agent to take full control of your threat intelligence and network defense through natural conversation.
What you can do
- Local Decisions — Query your Local API (LAPI) for active blocks or decisions on specific IPs, ranges, or scopes to understand current local threats.
- Decision Streaming — Poll for real-time updates on new and deleted decisions from your local database to keep your security context synchronized.
- Global CTI Reputation — Fetch global IP reputation data, behaviors, and classifications from the CrowdSec Community Threat Intelligence (CTI) network.
- Security Auditing — Inspect metadata and classifications for suspicious actors directly from your command interface or code editor.
How it works
- Subscribe to this server
- Enter your CrowdSec LAPI URL, LAPI Key, and CTI Key
- Start managing your security posture from Claude, Cursor, or any MCP-compatible client
No more manual log diving or complex CLI commands to check if an IP is malicious. Your AI acts as a dedicated security analyst.
Who is this for?
- Security Engineers — instantly retrieve local decision statuses and global reputation metrics without leaving the terminal
- DevOps Teams — monitor security streams and verify IP behaviors during incident response directly from the IDE
- System Administrators — automate the auditing of blocked ranges and suspicious network activity through natural language
Built-in capabilities (3)
Get CTI reputation for an IP
Query CrowdSec LAPI for decisions
Poll for new and deleted decisions from LAPI
Why Claude Code?
Claude Code registers CrowdSec as an MCP server in a single terminal command. Once connected, Claude Code discovers all 3 tools at runtime and can call them headlessly. ideal for CI/CD pipelines, cron jobs, and automated workflows where CrowdSec data drives decisions without human intervention.
- —
Single-command setup:
claude mcp addregisters the server instantly. no config files to edit or applications to restart - —
Terminal-native workflow means MCP tools integrate seamlessly into shell scripts, CI/CD pipelines, and automated DevOps tasks
- —
Claude Code runs headlessly, enabling unattended batch processing using CrowdSec tools in cron jobs or deployment scripts
- —
Built by the same team that created the MCP protocol, ensuring first-class compatibility and the fastest adoption of new protocol features
CrowdSec in Claude Code
CrowdSec and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect CrowdSec to Claude Code through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for CrowdSec in Claude Code
The CrowdSec MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 3 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in Claude Code only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
CrowdSec for Claude Code
Every tool call from Claude Code to the CrowdSec MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
Can I check if a specific IP address is currently blocked in my local CrowdSec instance?
Yes! Use the get_decisions tool providing the IP address. Your agent will query your Local API and return any active decisions, including the reason and duration of the block.
How do I see the latest security threats detected by my server in real-time?
You can use the get_decisions_stream tool. This allows your agent to poll for new and deleted decisions, giving you a clear view of recent security activity on your infrastructure.
Can I verify an IP's global reputation even if it hasn't attacked my server yet?
Absolutely. The get_cti_smoke tool queries the global CrowdSec CTI network. It provides background information, attack behaviors, and risk scores for any IP based on community data.
How do I add an MCP server to Claude Code?
Run claude mcp add <name> --transport http "<url>" in your terminal. Claude Code registers the server and discovers all tools immediately.
Can Claude Code run MCP tools in headless mode?
Yes. Claude Code supports non-interactive execution, making it ideal for scripts, cron jobs, and CI/CD pipelines that need MCP tool access.
How do I list all connected MCP servers?
Run claude mcp in your terminal to see all registered servers and their status, or type /mcp inside an active Claude Code session.
Command not found: claude
Ensure Claude Code is installed globally: npm install -g @anthropic-ai/claude-code
Connection timeout
Check your internet connection and verify the Edge URL is reachable
Explore More MCP Servers
View all →
Veeqo
7 toolsManage multi-channel e-commerce inventory, shipping, and order fulfillment from one platform that syncs with Amazon and beyond.
SnapCall
11 toolsEmbed voice, video, and screen sharing into any digital interaction on SnapCall with AI agents.
Atlassian Crowd
10 toolsEquip your AI agent to manage users, groups, and directory memberships via the Atlassian Crowd API.
ClickSend
8 toolsManage SMS and multi-channel messaging via ClickSend — send messages, track history, and monitor inbound SMS directly from any AI agent.