MCP Server

Run squirrelscan as a local MCP server so agents like Claude Code and Cursor can audit websites directly

The squirrelscan CLI ships a local Model Context Protocol (MCP) server. It speaks stdio JSON-RPC and exposes squirrelscan’s audit engine and cloud features as tools your agent can call directly — no shell piping, no glue code.

bash
squirrel mcp

The server runs in the foreground and communicates over stdin/stdout. You normally don’t run it by hand — your agent launches it for you using the config below.

Prerequisites

Install the CLI first (see Installation) and confirm it’s on your PATH:

bash
squirrel self version

Connect Claude Code

Add the server with the Claude Code CLI:

bash
claude mcp add squirrelscan -- squirrel mcp

Or add it to your project’s .mcp.json (checked in, shared with your team):

json
{
  "mcpServers": {
    "squirrelscan": {
      "command": "squirrel",
      "args": ["mcp"]
    }
  }
}

Restart Claude Code and the squirrelscan tools become available. Ask it to “audit example.com with squirrelscan” and it will call audit_website.

Connect Cursor

Add squirrelscan to .cursor/mcp.json in your project (or ~/.cursor/mcp.json for all projects):

json
{
  "mcpServers": {
    "squirrelscan": {
      "command": "squirrel",
      "args": ["mcp"]
    }
  }
}

Open Cursor Settings → MCP to confirm the server is connected, then prompt the agent to audit a site.

Other MCP clients

Any MCP-compatible client can launch the server. Configure a stdio server with:

  • Command: squirrel
  • Args: ["mcp"]

Tools

| Tool | Auth | Description |
| --- | --- | --- |
| audit_website | None* | Full deterministic audit of a URL; returns an LLM-optimized report. Accepts coverage (quick/surface/full), maxPages, and offline. |
| quick_check | None | Fast, local-only single-pass health check of one URL. |
| list_rules | None | List every built-in audit rule (id, name, category, severity). |
| get_rule | None | Full definition of one rule by id (e.g. core/meta-title). |
| list_audits | Login | Your org’s currently running/pending audits. |
| get_report | Login | Fetch a published audit report by its audit id. |
| list_issues | Login | Open, supplant-aware issue state for a website. |
| get_issue | Login | A single audit issue by website + number. |
| comment_on_issue | Login | Post a comment on an audit issue. |

Authentication

Cloud tools use the same credential as the rest of the CLI: a squirrel auth login session, or a SQUIRREL_API_TOKEN environment variable (see Authentication). When no credential is present, cloud tools return a clear “Not logged in” message instead of failing.
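
Because the project's .mcp.json is checked in and shared, while SQUIRREL_API_TOKEN is a credential, a pre-commit check on that file is worth having. The following is an added example, not squirrelscan's own code: `lint_mcp_config`, the sample config and the secret-name pattern are constructed here, and it assumes the client accepts an `env` block on a server entry with `${NAME}` or `${env:NAME}` placeholders.

```python
import json
import re

# Constructed sample: the .mcp.json entry shown above plus a hypothetical
# mistake, a literal token committed in an "env" block.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "squirrelscan": {
      "command": "squirrel",
      "args": ["mcp"],
      "env": {"SQUIRREL_API_TOKEN": "constructed-example-token"}
    }
  }
}
"""

# Assumption: values such as ${SQUIRREL_API_TOKEN} or ${env:SQUIRREL_API_TOKEN}
# are references resolved by the client at launch, not stored secrets.
ENV_REF = re.compile(r"^\$\{(env:)?[A-Za-z_][A-Za-z0-9_]*\}$")
SECRET_NAME = re.compile(r"TOKEN|SECRET|KEY|PASSWORD", re.I)


def lint_mcp_config(text):
    """Return (server, finding) tuples for a checked-in MCP client config."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    for name, spec in servers.items():
        # Each stdio entry is a command the agent executes on the developer's
        # machine, so the squirrelscan entry must match the documented launch.
        argv = [spec.get("command", "")] + list(spec.get("args", []))
        if name == "squirrelscan" and argv != ["squirrel", "mcp"]:
            findings.append((name, "unexpected launch command: %r" % argv))
        # Credentials belong in the environment or a login session, not in git.
        for var, value in spec.get("env", {}).items():
            if SECRET_NAME.search(var) and not ENV_REF.match(str(value)):
                findings.append((name, "literal value committed for %s" % var))
    return findings


if __name__ == "__main__":
    for server, finding in lint_mcp_config(SAMPLE_MCP_JSON):
        print("%s: %s" % (server, finding))
```

The same function works on .cursor/mcp.json, since both files use the `mcpServers` layout shown above.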
