Is Nuclei Mcp safe to use?

Nuclei Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Nuclei Mcp?

Nuclei Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Nuclei Mcp?

Nuclei Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Nuclei Mcp actively maintained?

Nuclei Mcp is less actively maintained — last commit was 299 days ago. It has 46 GitHub stars.

Nuclei Mcp

Name: Nuclei Mcp
Author: addcontent

@modelcontextprotocol/inspector · by addcontent

An implementation of a Model Context Protocol (MCP) for the Nuclei scanner. This tool enables context-aware vulnerability scanning by intelligently providing models and context to the scanning engine, allowing for more efficient and targeted template execution

46 196.7k/wk 0 tools GitHub npm

No known CVEs

MIT license

Stale

Last commit 299d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nuclei-scanner": {
      "env": {
        "NUCLEI_MCP_SERVER_PORT": "3000",
        "NUCLEI_MCP_CACHE_ENABLED": "true"
      },
      "args": [
        "run",
        "cmd/nuclei-mcp/main.go"
      ],
      "command": "go"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nuclei-mcp)](https://mcppedia.org/s/nuclei-mcp)

Read me

What Nuclei Mcp does

A Model Context Protocol (MCP) server implementation that integrates Nuclei, a fast and customizable vulnerability scanner, with the MCP ecosystem. This server provides a standardized interface for performing security scans and managing vulnerability assessments programmatically.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/inspector' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

2 fixed

CVE-2025-58444medium · fixedCVSS 4

MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server

An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger arbitrary command execution on the developer machine. Version 0.16.6 hardens URL handling/validation and prevents script execution. > Thank you to the following researchers for their reports and contributi

Affected: >= 0Fixed in 0.16.6source →

CVE-2025-49596medium · fixedCVSS 4

MCP Inspector proxy server lacks authentication between the Inspector client and proxy

Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. Credit: Rémy Marot <bughunters@tenable.com>

Affected: >= 0Fixed in 0.14.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nuclei Mcp safe to use?: Nuclei Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Nuclei Mcp?: Nuclei Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Nuclei Mcp?: Nuclei Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Nuclei Mcp actively maintained?: Nuclei Mcp is less actively maintained — last commit was 299 days ago. It has 46 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Nuclei Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nuclei-scanner": {
      "env": {
        "NUCLEI_MCP_SERVER_PORT": "3000",
        "NUCLEI_MCP_CACHE_ENABLED": "true"
      },
      "args": [
        "run",
        "cmd/nuclei-mcp/main.go"
      ],
      "command": "go"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nuclei-mcp)](https://mcppedia.org/s/nuclei-mcp)

Read me

What Nuclei Mcp does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/inspector' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Nuclei MCP Integration

Features

Vulnerability Scanning: Perform comprehensive security scans using Nuclei's powerful scanning engine
Template Management: Add, list, and manage custom Nuclei templates
Result Caching: Configurable caching system to optimize repeated scans
Concurrent Operations: Thread-safe implementation for high-performance scanning
RESTful API: Standardized interface for integration with other MCP-compliant tools
Detailed Reporting: Structured vulnerability reports with severity levels and remediation guidance

Tools & Endpoints

Core Tools

nuclei_scan: Perform a full Nuclei scan with advanced filtering options
basic_scan: Quick scan with minimal configuration
vulnerability_resource: Query and retrieve scan results
add_template: Add custom Nuclei templates
list_templates: View available templates
get_template: Retrieve details of a specific template

Getting Started

Prerequisites

Nuclei (will be automatically downloaded if not present)
Node.js 14+ (for MCP Inspector, optional)

Installation

Option 1: Download Pre-built Binary (Recommended)

Download the latest release for your platform from the Releases page
Extract the archive

Run the binary:

# Linux/macOS
./nuclei-mcp

# Windows
nuclei-mcp.exe

Option 2: Install with Go

go install github.com/your-org/nuclei-mcp/cmd/nuclei-mcp@latest

Option 3: Build from Source

Clone the repository:

git clone https://github.com/your-org/nuclei-mcp.git
cd nuclei-mcp

Install dependencies:
```
go mod download
```

Build and run:

go build -o nuclei-mcp ./cmd/nuclei-mcp
./nuclei-mcp

Running the Server

Start the MCP server:

# If using pre-built binary
./nuclei-mcp

# If built from source
go run cmd/nuclei-mcp/main.go

Using the MCP Inspector

For development and testing, use the MCP Inspector:

# Install the MCP Inspector globally
npm install -g @modelcontextprotocol/inspector

# Start the inspector with the Nuclei MCP server
npx @modelcontextprotocol/inspector go run cmd/nuclei-mcp/main.go

The inspector UI will be available at http://localhost:5173

Configuration

Configuration can be managed through a YAML configuration file or environment variables. The server looks for configuration in the following locations (in order of precedence):

File specified by --config flag
config.yaml in the current directory
$HOME/.nuclei-mcp/config.yaml
/etc/nuclei-mcp/config.yaml

Configuration File Example

Create a config.yaml file with the following structure:

server:
  name: "nuclei-mcp"
  version: "1.0.0"
  port: 3000
  host: "127.0.0.1"

cache:
  enabled: true
  expiry: 1h
  max_size: 1000

logging:
  level: "info"
  path: "./logs/nuclei-mcp.log"
  max_size_mb: 10
  max_backups: 5
  max_age_days: 30
  compress: true

nuclei:
  templates_directory: "nuclei-templates"
  timeout: 5m
  rate_limit: 150
  bulk_size: 25
  template_threads: 10
  headless: false
  show_browser: false
  system_resolvers: true

Environment Variables

All configuration options can also be set using environment variables with the NUCLEI_MCP_ prefix (e.g., NUCLEI_MCP_SERVER_PORT=3000). Nested configuration can be set using double underscores (e.g., NUCLEI_MCP_LOGGING_LEVEL=debug).

MCP Client Configuration

To connect an MCP client to the Nuclei MCP server, use the following connection parameters:

Transport: stdio (when runn

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

2 fixed

CVE-2025-58444medium · fixedCVSS 4

MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server

Affected: >= 0Fixed in 0.16.6source →

CVE-2025-49596medium · fixedCVSS 4

MCP Inspector proxy server lacks authentication between the Inspector client and proxy

Affected: >= 0Fixed in 0.14.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nuclei Mcp safe to use?: Nuclei Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Nuclei Mcp?: Nuclei Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Nuclei Mcp?: Nuclei Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Nuclei Mcp actively maintained?: Nuclei Mcp is less actively maintained — last commit was 299 days ago. It has 46 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for Nuclei Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?