MCP

Install Slate MCP Server

Paste https://slatesecurity.ai/mcp into Claude, Cursor, or any MCP-compatible AI to get guided setup. This page contains everything needed to connect Slate Security and run scans from your agent.

What you get

The Slate MCP server exposes tools to create targets, start scans, poll status, and return findings — the same workflow as the CLI and API.

  • slate_list_scan_findings List vulnerabilities for a scan with remediation steps.
  • slate_get_finding Get full finding detail including AI-ready fix prompt.
  • slate_list_targets List all scan targets in the workspace with scan counts.
  • slate_list_scans List scans, optionally filtered to one target.
  • slate_scan_domain Create a target, start a scan, and optionally wait for findings.
  • slate_create_target Create or return an existing scan target for a URL.
  • slate_start_scan Start a scan for an existing target (uses one credit).
  • slate_get_scan Get scan status, progress, and findings.

Setup

  1. Create an API key in the app: Settings → API keys. Keys start with ba_ and the full secret is shown only once.
  2. Add the hosted MCP server config below to your AI client. Replace <your-api-key> with your key in the Authorization header.
  3. Restart the AI client so it picks up the new MCP server.
  4. Ask your agent to scan a domain, e.g. "Use Slate to scan staging.example.com and summarize critical findings."

Cursor / Claude (hosted)

Slate hosts the MCP server — no local install required. Open Cursor Settings → MCP, or edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "slate": {
      "url": "https://mcp.slatesecurity.ai",
      "headers": {
        "Authorization": "Bearer <your-api-key>"
      }
    }
  }
}

Claude Desktop (hosted)

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent path on Windows/Linux:

{
  "mcpServers": {
    "slate": {
      "url": "https://mcp.slatesecurity.ai",
      "headers": {
        "Authorization": "Bearer <your-api-key>"
      }
    }
  }
}

Claude Code (hosted)

claude mcp add --transport http slate https://mcp.slatesecurity.ai --header "Authorization: Bearer <your-api-key>"

Local fallback (npx)

If your client does not support remote MCP, use the stdio server via npx (Node.js 20+):

{
  "mcpServers": {
    "slate": {
      "command": "npx",
      "args": [
        "-y",
        "@slate-security/mcp-server"
      ],
      "env": {
        "SLATE_API_KEY": "<your-api-key>",
        "SLATE_API_URL": "https://api.slatesecurity.ai"
      }
    }
  }
}

Environment variables

The hosted MCP server uses your API key in the Authorization header. The npx fallback uses environment variables instead:

  • SLATE_API_KEY (required for npx) — your Slate API key
  • SLATE_API_URL (optional) — defaults to https://api.slatesecurity.ai

Machine-readable manifest

AI agents can fetch https://slatesecurity.ai/api/mcp/install for structured install metadata, agent instructions, and config snippets. The hosted MCP endpoint is https://mcp.slatesecurity.ai. NPM package (local fallback only): @slate-security/mcp-server.

More docs

See the MCP documentation for tool reference, troubleshooting, and examples.