Socket
A Model Context Protocol (MCP) server for Socket integration, allowing AI assistants to efficiently check dependency vulnerability scores and security information.
What is Socket?
Socket is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to model context protocol (mcp) server for socket integration, allowing ai assistants to efficiently check dependency vulnerability scores and security information.
A Model Context Protocol (MCP) server for Socket integration, allowing AI assistants to efficiently check dependency vulnerability scores and security information.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- A Model Context Protocol (MCP) server for Socket integration
Use Cases
Maintainer
Works with
Installation
NPM
npx -y @socketsecurity/mcpManual Installation
npx -y @socketsecurity/mcpConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Socket
The Socket MCP server connects AI assistants directly to the Socket.dev security platform, enabling real-time dependency vulnerability analysis across npm, PyPI, Cargo, Maven, NuGet, RubyGems, Go Modules, Composer, and GitHub Actions ecosystems. It exposes tools to query supply chain risk scores, retrieve security alerts filtered by severity and category, and inspect published package files — all without leaving your AI workflow. Developers use it to catch malicious packages, typosquats, and obfuscated code before they enter production dependencies.
Prerequisites
- Node.js 18 or later (for npx self-hosted mode)
- A Socket.dev account — free tier available at socket.dev
- A Socket API token with at minimum the `packages:list` permission scope (for self-hosted mode; the public server uses OAuth)
- An MCP-compatible client such as Claude Desktop, Claude Code, or Cursor
Choose your deployment mode
Socket MCP offers two modes. The public hosted server at https://mcp.socket.dev/ requires only OAuth sign-in and no API key. The self-hosted stdio mode requires a Socket API token and runs locally via npx. Choose the public server for the fastest setup.
Add the public Socket MCP server (recommended)
Run this command to register the remote Socket MCP server with Claude Code. You will be prompted to sign in via browser OAuth on first use.
claude mcp add --transport http socket-mcp https://mcp.socket.dev/Or add the self-hosted server with your API token
If you prefer to run locally (e.g., for enterprise environments), obtain a Socket API token from your Socket dashboard and register the stdio server instead.
claude mcp add socket-mcp -e SOCKET_API_TOKEN="your-token" -- npx @socketsecurity/mcp@latestConfigure Claude Desktop (alternative clients)
If you use Claude Desktop rather than Claude Code, add the server block to your claude_desktop_config.json file under mcpServers.
{
"mcpServers": {
"socket-mcp": {
"command": "npx",
"args": ["-y", "@socketsecurity/mcp@latest"],
"env": {
"SOCKET_API_TOKEN": "your-socket-api-token"
}
}
}
}Verify the connection
Restart your MCP client and ask Claude to check a package. If the depscore tool returns a JSON result with supply chain and vulnerability metrics, the server is working correctly.
Socket Examples
Client configuration
Self-hosted stdio configuration for Claude Desktop using the @socketsecurity/mcp package.
{
"mcpServers": {
"socket-mcp": {
"command": "npx",
"args": ["-y", "@socketsecurity/mcp@latest"],
"env": {
"SOCKET_API_TOKEN": "your-socket-api-token"
}
}
}
}Prompts to try
Security queries you can ask once the Socket MCP server is connected.
- "Check the security score for express version 4.18.2"
- "Analyze the dependency vulnerabilities in my package.json"
- "What are the supply chain risk scores for react, lodash, and axios?"
- "Show me any malware alerts for packages published in the last 7 days"
- "Is the npm package event-stream safe to use?"Troubleshooting Socket
OAuth sign-in loop or token not persisting on the public server
Ensure your MCP client supports HTTP transport with OAuth. Claude Code supports this natively; Claude Desktop may require the self-hosted stdio mode instead.
SOCKET_API_TOKEN errors or 401 Unauthorized responses
Verify your token has the `packages:list` scope in the Socket dashboard under API Keys. Generate a new token if the scope is missing, and make sure no extra whitespace was copied into the env var.
npx hangs or fails to download the package
Run `npm cache clean --force` then retry. You can also pin to a specific version: `npx @socketsecurity/[email protected]` to avoid resolution issues.
Frequently Asked Questions about Socket
What is Socket?
Socket is a Model Context Protocol (MCP) server that model context protocol (mcp) server for socket integration, allowing ai assistants to efficiently check dependency vulnerability scores and security information. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Socket?
Install via npm with the command: npx -y @socketsecurity/mcp. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).
Which AI clients work with Socket?
Socket works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Socket free to use?
Yes, Socket is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
Socket Alternatives — Similar Security Servers
Looking for alternatives to Socket? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Socket in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Socket?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.