Bring Api Security
to CrewAI
Create your Vinkius account to connect Equixly to CrewAI and start using all 10 AI tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code. No hosting, no server setup — just connect and start using.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Equixly MCP Server?
Connect your Equixly account to any AI agent and take full control of your autonomous API security testing and vulnerability management through natural conversation.
What you can do
- Autonomous Pentest Orchestration — Launch new attack sessions where the Equixly AI Hacker autonomously explores and attacks your API for BOLA, IDOR, and injection flaws
- Service Management — Register and manage target API services by defining base URLs and granular path-scoping rules for continuous monitoring
- API Surface Discovery — Upload and manage API specifications (OpenAPI, GraphQL, Postman) to broaden the attack surface known to the AI Hacker
- Vulnerability Auditing — Retrieve detailed lists of confirmed exploitable security flaws with severity ratings, OWASP mapping, and remediation guidance
- Scan Status Monitoring — Track execution progress and overall outcomes of active penetration tests, including total requests and endpoints explored
- Remediation Oversight — Access evidence of exploitation for specific findings to validate security fixes and maintain production safety
- Target Configuration — Fetch granular metadata for API targets, including authentication hooks and production safety toggles natively
How it works
- Subscribe to this server
- Enter your Equixly API Token (found in your platform's Authentication Settings or Admin section)
- Start managing your API security from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Security Engineers & CISOs — monitor API security posture and trigger pentests without manual tool configuration
- Backend Developers — trigger security scans upon deployment and verify remediation guidance directly from the IDE
- DevSecOps Teams — integrate autonomous pentesting into CI/CD pipelines and audit findings using natural language
- QA Engineers — verify API security boundaries and test for business logic flaws through natural conversation
Built-in capabilities (10)
Provide the human-readable name and the live base URL. After creation, upload an API spec to maximize attack surface coverage. Register a new API target service for autonomous pentesting
Use when decommissioning an API or cleaning up test environments. This action is irreversible. Remove an API service and all its scan history from Equixly
Includes total requests made, endpoints explored, attack vectors attempted, severity breakdown of findings (critical/high/medium/low), and OWASP Top 10 mapping. Get detailed status and summary of a specific pentest scan
Each finding includes a severity rating, OWASP category, affected endpoint path, HTTP method, request/response evidence of exploitation, and actionable remediation guidance. Download all exploitable vulnerabilities found in a pentest scan
Required before modifying scan behavior. Get detailed configuration of a specific API service
The AI Hacker uses these specs to understand the full attack surface, so keeping them updated maximizes vulnerability discovery coverage. List uploaded API specifications for a service
Each scan entry includes its status (running, completed, failed), timestamps, and the total count of vulnerabilities detected in that session. List all pentest scan sessions for an API service
A Service represents a single API base URL that the autonomous AI pentester continuously attacks. Each service contains its unique ID, name, base URL, and the number of discovered endpoints. List all registered API services in Equixly
It tests for BOLA, broken authentication, mass assignment, IDOR, injection, and business logic flaws. Ideal for CI/CD pipeline integration upon each deployment. Launch a new autonomous AI penetration test against a service
Supported formats: openapi (JSON/YAML), postman, graphql, wsdl, har. Pass the raw spec content as a string along with the format identifier. Upload an API specification (OpenAPI, Postman, etc.) to a service
Why CrewAI?
When paired with CrewAI, Equixly becomes a first-class tool in your multi-agent workflows. Each agent in the crew can call Equixly tools autonomously, one agent queries data, another analyzes results, a third compiles reports, all orchestrated through Vinkius with zero configuration overhead.
- —
Multi-agent collaboration lets you decompose complex workflows into specialized roles, one agent researches, another analyzes, a third generates reports, each with access to MCP tools
- —
CrewAI's native MCP integration requires zero adapter code: pass Vinkius Edge URL directly in the
mcpsparameter and agents auto-discover every available tool at runtime - —
Built-in task delegation and shared memory mean agents can pass context between steps without manual state management, enabling multi-hop reasoning across tool calls
- —
Sequential and hierarchical crew patterns map naturally to real-world workflows: enumerate subdomains → analyze DNS history → check WHOIS records → compile findings into actionable reports
Equixly in CrewAI
Why run Equixly with Vinkius?
The Equixly connection runs on our fully managed, secure cloud infrastructure. We handle the hosting, maintenance, and security so you don't have to deal with servers or code. All 10 tools are ready to work instantly without any complex setup.
You stay in complete control of your data. Your AI only accesses the information you approve, keeping your sensitive passwords and private details completely safe. Plus, with automatic optimizations, your AI works faster and more efficiently.
* Every connection is hosted and maintained by Vinkius. We handle the security, updates, and infrastructure so you don't have to write code or manage servers. See our infrastructure
Over 4,000 integrations ready for AI agents
Explore a vast library of pre-built integrations, optimized and ready to deploy.
Connect securely in under 30 seconds
Generate tokens to authenticate and link external services in a single step.
Complete visibility into every agent action
Audit live requests, latency, success rates, and active security compliance policies.
Optimize spending and track token ROI
Analyze real-time token consumption and cost metrics detailed by connection.
Explore our live AI Agents Analytics dashboard to see it all working
This dashboard is included when you connect Equixly using Vinkius. You will never be left in the dark about what your AI agents are doing with your tools.
Equixly and 4,000+ other AI tools. No hosting, no code, ready to use.
Professionals who connect Equixly to CrewAI through Vinkius don't need to write code, manage servers, or worry about security. Everything is pre-configured, secure, and runs automatically in the background.
Raw MCP | Vinkius | |
|---|---|---|
| Ready-to-use MCPs | Find and configure each manually | 4,000+ MCPs ready to use |
| Connection Setup | Manual coding & server setup | 1-click instant connection |
| Server Hosting | You host it yourself (needs 24/7 uptime) | 100% hosted & managed by Vinkius |
| Security & Privacy | Stored in plaintext config files | Bank-grade encrypted vault |
| Activity Visibility | Blind execution (no logs or tracking) | Live dashboard with real-time logs |
| Cost Control | Runaway AI token spend risk | Automatic budget limits |
| Revoking Access | Must delete files or code to stop | 1-click disconnect button |
How Vinkius secures
Equixly for CrewAI
Every request between CrewAI and Equixly is protected by our secure gateway. We automatically keep your sensitive data private, prevent unauthorized access, and let you disconnect instantly at any time.
Frequently asked questions
Can my agent trigger an autonomous penetration test on a specific API?
Yes. Use the 'trigger_scan' tool with the target Service ID. The Equixly AI Hacker will begin an autonomous session, learning and attacking the API for various flaws including BOLA and business logic errors.
How do I see the security vulnerabilities found in the last scan via chat?
Use the 'get_scan_findings' tool. Provide the Service and Scan IDs. The agent will retrieve a detailed list of confirmed security flaws, including severity levels and actionable remediation guidance.
Can I upload an OpenAPI specification to improve scan coverage through the agent?
Absolutely. Use the 'upload_api_spec' tool. Provide the spec content and format (e.g., 'openapi'). This allows the AI Hacker to understand the full attack surface and maximize vulnerability discovery.
How does CrewAI discover and connect to MCP tools?
CrewAI connects to MCP servers lazily. when the crew starts, each agent resolves its MCP URLs and fetches the tool catalog via the standard tools/list method. This means tools are always fresh and reflect the server's current capabilities. No tool schemas need to be hardcoded.
Can different agents in the same crew use different MCP servers?
Yes. Each agent has its own mcps list, so you can assign specific servers to specific roles. For example, a reconnaissance agent might use a domain intelligence server while an analysis agent uses a vulnerability database server.
What happens when an MCP tool call fails during a crew run?
CrewAI wraps tool failures as context for the agent. The LLM receives the error message and can decide to retry with different parameters, fall back to a different tool, or mark the task as partially complete. This resilience is critical for production workflows.
Can CrewAI agents call multiple MCP tools in parallel?
CrewAI agents execute tool calls sequentially within a single reasoning step. However, you can run multiple agents in parallel using process=Process.parallel, each calling different MCP tools concurrently. This is ideal for workflows where separate data sources need to be queried simultaneously.
Can I run CrewAI crews on a schedule (cron)?
Yes. CrewAI crews are standard Python scripts, so you can invoke them via cron, Airflow, Celery, or any task scheduler. The crew.kickoff() method runs synchronously by default, making it straightforward to integrate into existing pipelines.
MCP tools not discovered
Ensure the Edge URL is correct. CrewAI connects lazily when the crew starts. check console output.
Agent not using tools
Make the task description specific. Instead of "do something", say "Use the available tools to list contacts".
Timeout errors
CrewAI has a 10s connection timeout by default. Ensure your network can reach the Edge URL.
Rate limiting or 429 errors
Vinkius enforces per-token rate limits. Check your subscription tier and request quota in the dashboard. Upgrade if you need higher throughput.
Explore More MCP Servers
View all →
Aha!
5 toolsProduct roadmapping and strategy — manage features, ideas, and strategic goals via AI.
Shumei Anti-Fraud
4 toolsBring Shumei's top-tier Anti-Fraud and Risk Control to your AI. Analyze text, images, and devices for malicious activity instantly.
Bureau of Labor Statistics Full — The Mega Server
1 toolsThe ultimate BLS Mega-Server: Access all 6 major datasets including CPI (Inflation), CES (Jobs), CPS (Unemployment), JOLTS (Turnover), LAUS (Local metrics), and OEWS (Wages by Profession).
Linear
12 toolsStreamline issue tracking and project management via Linear — list teams, query issues, create comments and inspect cycles directly from any AI agent.