Are scans executed locally or in the cloud?

Scans run on the StackHawk cloud infrastructure. The MCP integration only triggers and monitors them — no heavy processing happens in your AI context.

Why is the `login` step required?

The StackHawk API uses short-lived Bearer tokens. The `login` tool exchanges your API key for a session token that authenticates all subsequent requests.

Can the agent triage alerts automatically?

Yes. Use `triage_alert` to mark specific vulnerabilities as false positives, accepted risks, or confirmed issues. Each triage action targets a single alert by ID.

StackHawk MCP Server

Name: StackHawk
Availability: InStock
Author: Vinkius

stackhawk.com

Built by Vinkius GDPR ToolsFree

Connect your AI to the StackHawk DAST platform. Run automated security scans, triage alerts seamlessly, and find vulnerabilities effortlessly.

Vinkius AI Gateway supports streamable HTTP and SSE.

Works with every AI agent you already use

…and any MCP-compatible client

StackHawk MCP Server: see your AI Agent in action

AI Agent→Vinkius→StackHawk

You

Vinkius AI Gateway

GDPR·High Security·Kill Switch·Ultra-Low Latency·Plug and Play

Built-in capabilities (10)

get_application_details

Get detailed configuration for a specific StackHawk application

get_organization_details

Get StackHawk organization details and subscription tier

get_scan_alerts

Download individual security alerts discovered by a DAST scan

get_scan_results

Get detailed results and metadata for a specific DAST scan

list_api_keys

Useful for auditing and hygiene. List API keys configured for a StackHawk organization

list_applications

Requires a Bearer token and organization ID. List all registered DAST applications in a StackHawk organization

list_environments

g., Development, Staging, Production) configured on the application. List configured scan environments for a StackHawk application

list_scans

Includes scan IDs and high-level alert counts. List all DAST scan executions for a StackHawk application

This token is required for all subsequent StackHawk tool calls. Authenticate and obtain a Bearer access token from StackHawk

triage_alert

Valid statuses: RISK_ACCEPTED, FALSE_POSITIVE, IN_PROGRESS. Triage a DAST security alert (accept risk, false positive, etc.)

What this connector unlocks

Integrate the robust dynamic application security testing (DAST) capabilities of StackHawk directly into your conversational AI. Empower your engineering team to monitor system vulnerabilities, initiate complex scans, and orchestrate proactive security protocols without relying heavily on static dashboards. Connect securely to your workspaces, instruct your AI to assess ongoing security threats, and automatically classify alerts through a natural language interface designed to accelerate risk remediation across modern CI/CD pipelines.

What you can do

Automated Scanning — Programmatically initiate comprehensive security evaluations across your environments utilizing run_scan, and halt operations securely targeting specific execution UUIDs via stop_scan.
Risk Assessment — Effectively audit environments by listing operational scans with list_scans, or retrieve deep vulnerability reports invoking get_alerts targeting specific scan iterations.
Application Management — Catalog active software deployments monitored by StackHawk utilizing list_applications, and manage organizational parameters inspecting environments directly via list_environments.
Triage & Operations — Authenticate securely establishing a valid operational bearer token with login, and instruct the AI to accurately qualify, dismiss, or assign statuses prioritizing critical mitigation efforts using triage_alert.

How it works

1. Install the StackHawk MCP module configuring it directly with your active AI assistant.
2. Supply your proprietary StackHawk API Token to authenticate requests safely within the MCP setting.
3. Instruct the AI: "Retrieve the most critical security alerts from the last scan of our 'Production-Core' application, and triage any false positives."

Who is this for?

DevSecOps Engineers — Streamline and enforce secure software integration effortlessly instructing the system to perform real-time verification analysis dynamically.
Engineering Leaders — Monitor organizational compliance metrics easily interacting through language commands retrieving holistic cross-application threat landscapes.
Backend Developers — Quickly identify security regression issues caused by newly deployed microservices parsing scans directly in the development terminal.

Frequently asked questions

Give your AI agents the power of StackHawk

Access StackHawk and 2,000+ MCP servers — ready for your agents to use, right now. No glue code. No custom integrations. Just plug Vinkius AI Gateway and let your agents work.

DETAILS

CategorySecurity Compliance

Arlo Smart

11 tools

Control Arlo security cameras — view recordings, arm/disarm devices, and manage security modes via Arlo Smart API.

ClearSale

5 tools

Manage e-commerce fraud prevention via ClearSale — submit orders for analysis, monitor fraud scores, and track status updates directly from any AI agent.

Chargeblast

8 tools

Manage chargeback prevention and dispute alerts via Chargeblast — intercept disputes, automate refunds, and audit deflection logs directly from any AI agent.

Square

10 tools

Manage payments, orders, catalog, customers, inventory, locations, and team members for your Square business through natural conversation.

Pipeliner

10 tools

Manage sales pipelines and opportunities via Pipeliner CRM — list leads, track deals, and monitor activities directly from any AI agent.

IPRoyal (Proxy Services)

10 tools

Manage proxies via IPRoyal — monitor traffic, rotate credentials, and manage whitelisted IPs.