MCP
Install Slate MCP Server
Paste https://slatesecurity.ai/mcp into Claude, Cursor, or any MCP-compatible AI to get guided setup. This page contains everything needed to connect Slate Security and run scans from your agent.
What you get
The Slate MCP server exposes tools to create targets, start scans, poll status, and return findings — the same workflow as the CLI and API.
slate_list_scan_findings— List vulnerabilities for a scan with remediation steps.slate_get_finding— Get full finding detail including AI-ready fix prompt.slate_list_targets— List all scan targets in the workspace with scan counts.slate_list_scans— List scans, optionally filtered to one target.slate_scan_domain— Create a target, start a scan, and optionally wait for findings.slate_create_target— Create or return an existing scan target for a URL.slate_start_scan— Start a scan for an existing target (uses one credit).slate_get_scan— Get scan status, progress, and findings.
Setup
- Create an API key in the app: Settings → API keys. Keys start with
ba_and the full secret is shown only once. - Add the hosted MCP server config below to your AI client. Replace
<your-api-key>with your key in the Authorization header. - Restart the AI client so it picks up the new MCP server.
- Ask your agent to scan a domain, e.g. "Use Slate to scan staging.example.com and summarize critical findings."
Cursor / Claude (hosted)
Slate hosts the MCP server — no local install required. Open Cursor Settings → MCP, or edit ~/.cursor/mcp.json:
{
"mcpServers": {
"slate": {
"url": "https://mcp.slatesecurity.ai",
"headers": {
"Authorization": "Bearer <your-api-key>"
}
}
}
}Claude Desktop (hosted)
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent path on Windows/Linux:
{
"mcpServers": {
"slate": {
"url": "https://mcp.slatesecurity.ai",
"headers": {
"Authorization": "Bearer <your-api-key>"
}
}
}
}Claude Code (hosted)
claude mcp add --transport http slate https://mcp.slatesecurity.ai --header "Authorization: Bearer <your-api-key>"Local fallback (npx)
If your client does not support remote MCP, use the stdio server via npx (Node.js 20+):
{
"mcpServers": {
"slate": {
"command": "npx",
"args": [
"-y",
"@slate-security/mcp-server"
],
"env": {
"SLATE_API_KEY": "<your-api-key>",
"SLATE_API_URL": "https://api.slatesecurity.ai"
}
}
}
}Environment variables
The hosted MCP server uses your API key in the Authorization header. The npx fallback uses environment variables instead:
SLATE_API_KEY(required for npx) — your Slate API keySLATE_API_URL(optional) — defaults tohttps://api.slatesecurity.ai
Machine-readable manifest
AI agents can fetch https://slatesecurity.ai/api/mcp/install for structured install metadata, agent instructions, and config snippets. The hosted MCP endpoint is https://mcp.slatesecurity.ai. NPM package (local fallback only): @slate-security/mcp-server.
More docs
See the MCP documentation for tool reference, troubleshooting, and examples.