Is io.github.shyshlakov/pci-dss-mcp safe to use?

io.github.shyshlakov/pci-dss-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.shyshlakov/pci-dss-mcp?

io.github.shyshlakov/pci-dss-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.shyshlakov/pci-dss-mcp?

io.github.shyshlakov/pci-dss-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

io.github.shyshlakov/pci-dss-mcp

PCI DSS v4.0.1 compliance scanner for Go payment services, delivered as an MCP server

0 tools GitHub

No known CVEs

No license

Maintenance unknown

No commit data

Untested

Transport: stdio

0 tools

Grade F

Finance Legal

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-shyshlakov-pci-dss-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-shyshlakov-pci-dss-mcp)](https://mcppedia.org/s/io-github-shyshlakov-pci-dss-mcp)

Read me

What io.github.shyshlakov/pci-dss-mcp does

PCI DSS v4.0.1 compliance scanner for Go payment services, delivered as an MCP server

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

15/100across 5 weighted dimensions

How we score →

0255075100

−85

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.shyshlakov/pci-dss-mcp safe to use?: io.github.shyshlakov/pci-dss-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.shyshlakov/pci-dss-mcp?: io.github.shyshlakov/pci-dss-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.shyshlakov/pci-dss-mcp?: io.github.shyshlakov/pci-dss-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

Others in finance / legal

View all →

Alpha Vantage Mcp95

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

125 3

Mcp_massive91

An MCP server for Massive.com Financial Market Data

307 4

Plugin Syntax Object Rest Spread90

Allow parsing of object rest/spread

43.9k 4

A11y Mcp88

An MCP (Model Context Protocol) server for performing accessibility audits on webpages using axe-core. Use the results in an agentic loop with your favorite AI assistants (Amp/Cline/Cursor/GH Copilot) and let them fix a11y issues for you!

40 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.shyshlakov/pci-dss-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Finance Legal

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-shyshlakov-pci-dss-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-shyshlakov-pci-dss-mcp)](https://mcppedia.org/s/io-github-shyshlakov-pci-dss-mcp)

Read me

What io.github.shyshlakov/pci-dss-mcp does

PCI DSS v4.0.1 compliance scanner for Go payment services, delivered as an MCP server

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

pci-dss-mcp

Narrow-and-deep PCI DSS v4.0.1 compliance scanner for Go payment services, delivered as an MCP server.

Every finding maps to a specific PCI DSS requirement ID. Taint-aware cardholder data flow analysis with PCI SSC FAQ semantics. Runs inside Claude Desktop, Claude Code, and Cursor via the Model Context Protocol. Designed to complement broad security tools like Semgrep, CodeQL, and LLM-based agentic code review — not replace them.

What it does

pci-dss-mcp is a static compliance scanner for Go payment service codebases that checks code against PCI DSS v4.0.1. It runs as an MCP server, so your AI-assisted editor (Claude Desktop, Claude Code, Cursor) can invoke it directly during development.

Instead of "Here's a list of 894 security issues, good luck prioritizing them", you get (real output, trimmed):

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
PCI DSS v4.0.1 Compliance Report
Target: testdata/vulnerable-payment-service
Duration: 1957ms | Files: 615 | Lines: 9142
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

40 CRITICAL, 80 HIGH, 25 MEDIUM findings
(0 LOW, 35 INFO informational findings not shown)

--- Requirement 3: Protect Stored Account Data ---

[CRITICAL] 3.3.1 -- SAD Not Retained After Authorization
  internal/service/tokens/logging.go:11
  Sensitive authentication data 'cvv' passed to logging function slog.Info
  Fix: Remove SAD from log output. SAD must not be retained after authorization per PCI DSS 3.3.1.

Every finding carries requirement_id, severity, file_path, line, and a triage hint so your AI editor can verify the finding against the real code and flag false positives automatically. See docs/requirement-mapping.md for the canonical rule_id to requirement_id table.

What pci-dss-mcp is NOT

Not a replacement for broad SAST. Use Semgrep, CodeQL, or gosec for OWASP Top-10 and language-agnostic vulnerabilities.
Not a replacement for LLM-based code review. pci-dss-mcp maps payment-specific issues to PCI DSS requirement IDs; LLM agents catch broad bugs via reasoning. The two layers compose.
Not Go-agnostic. Go-specific AST patterns and taint flow tracing are what make the precision possible.
Not a QSA replacement. Static analysis covers ~5.6% of PCI DSS v4.0.1 requirements. A Qualified Security Assessor must sign off on the rest.

See docs/comparison.md for a detailed feature comparison with Semgrep, CodeQL, gosec, Snyk Code, and Claude Code.

Install

pci-dss-mcp ships as a Go module and as a prebuilt OCI image on ghcr.io. Both paths produce byte-identical scan results on the golden fixture.

Go install

Requires Go 1.25+:

go install github.com/shyshlakov/pci-dss-mcp@latest

The binary lands at $(go env GOPATH)/bin/pci-dss-mcp and reads your source files directly, so there is no bind-mount step in the Usage sections below. See docs/install-from-source.md for PATH resolution, the macOS codesign provenance workaround, and the MCP client JSON config for the go-install variant.

Docker

Pull the signed multi-arch image (linu

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

15/100across 5 weighted dimensions

How we score →

0255075100

−85

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.shyshlakov/pci-dss-mcp safe to use?: io.github.shyshlakov/pci-dss-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.shyshlakov/pci-dss-mcp?: io.github.shyshlakov/pci-dss-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.shyshlakov/pci-dss-mcp?: io.github.shyshlakov/pci-dss-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.