MCP client setup
Exact config for connecting Claude Code, Cursor, Codex CLI, VS Code, Windsurf, and Gemini CLI to the hosted squirrelscan MCP server
Every client below connects to the same hosted endpoint:
https://mcp.squirrelscan.com/mcp
The transport is streamable HTTP, and each client gives you the same two ways in:
- OAuth (recommended for a human at an editor). Point the client at the URL with no auth headers. It discovers the authorization server, registers itself, and runs a browser sign-in. Nothing secret lands in a config file.
- API key (recommended for CI, containers, and shared configs). Set an
Authorization: Bearer sq_...header, ideally from theSQUIRRELSCAN_API_KEYenvironment variable so the key stays out of the file. Mint one withsquirrel keys create --shell.
For the full picture of how auth, credits, and the tool surface work, start at the Hosted MCP server guide. This page is just the copy-paste config for each client.
Claude Code
The one-liner does the OAuth flow for you (dynamic client registration, no client id needed):
claude mcp add --transport http squirrelscan https://mcp.squirrelscan.com/mcpThen, inside a session, run /mcp, select squirrelscan, and choose Authenticate. Your browser opens for sign-in and org selection. From the shell without a session, claude mcp login squirrelscan (Claude Code v2.1.186+) does the same; add --no-browser for headless or SSH (v2.1.191+). Clear tokens with claude mcp logout squirrelscan.
Add with no headers to force the OAuth path:
claude mcp add --transport http squirrelscan https://mcp.squirrelscan.com/mcpEquivalent JSON entry in .mcp.json, ~/.claude.json, or via claude mcp add-json:
{
"mcpServers": {
"squirrelscan": {
"type": "http",
"url": "https://mcp.squirrelscan.com/mcp"
}
}
}Tokens are stored in your OS keychain, never in the config file, so a committed .mcp.json stays safe.
Pass the header on the add command:
claude mcp add --transport http squirrelscan https://mcp.squirrelscan.com/mcp \
--header "Authorization: Bearer $SQUIRRELSCAN_API_KEY"Or as JSON with env-var interpolation so the key never lands in the file:
{
"mcpServers": {
"squirrelscan": {
"type": "http",
"url": "https://mcp.squirrelscan.com/mcp",
"headers": { "Authorization": "Bearer ${SQUIRRELSCAN_API_KEY}" }
}
}
}Scope. claude mcp add defaults to --scope local (private, current project only). Use --scope project to write the team-shared .mcp.json (committed to git; teammates approve it once), or --scope user to add it for every project on your machine.
Cursor
Cursor auto-negotiates the transport, so a remote server entry only needs a url. Both the editor and the Cursor CLI (agent) read the same file.
{
"mcpServers": {
"squirrelscan": {
"url": "https://mcp.squirrelscan.com/mcp"
}
}
}Save it, then open Settings → Customize (labelled Tools & Integrations in some builds), find squirrelscan, and click Needs login to run the browser flow. From the CLI, agent mcp login squirrelscan does the same.
{
"mcpServers": {
"squirrelscan": {
"url": "https://mcp.squirrelscan.com/mcp",
"headers": {
"Authorization": "Bearer ${env:SQUIRRELSCAN_API_KEY}"
}
}
}
}${env:NAME} interpolates a shell/system environment variable at connect time. Cursor does not read a .env file for remote servers, so export SQUIRRELSCAN_API_KEY in your shell profile or CI environment.
Scope. .cursor/mcp.json in a repo scopes the server to that project; ~/.cursor/mcp.json makes it available everywhere. The schema is identical, so the entry copies between them.
Codex CLI
The codex mcp commands write to ~/.codex/config.toml.
codex mcp add squirrelscan --url https://mcp.squirrelscan.com/mcp
codex mcp login squirrelscancodex mcp login opens the browser, runs PKCE with a local loopback callback, and stores the token encrypted (Codex CLI 0.140.0+), not in config.toml. codex mcp logout squirrelscan clears it.
codex mcp add squirrelscan --url https://mcp.squirrelscan.com/mcp \
--bearer-token-env-var SQUIRRELSCAN_API_KEYCodex reads SQUIRRELSCAN_API_KEY at connect time and sends it as Authorization: Bearer <value>. Export it in your shell or CI first.
The equivalent config.toml block, whether in the global file or a project .codex/config.toml:
[mcp_servers.squirrelscan]
url = "https://mcp.squirrelscan.com/mcp"
# bearer_token_env_var = "SQUIRRELSCAN_API_KEY" # omit if using OAuthScope. codex mcp add/login only touch the global ~/.codex/config.toml. To scope squirrelscan to one project, hand-write the same [mcp_servers.squirrelscan] block into <project>/.codex/config.toml, which is honored only once the project is trusted.
VS Code Copilot
VS Code’s built-in MCP client (v1.101+) auto-runs the OAuth handshake for a remote server, so a minimal entry needs only the URL.
{
"servers": {
"squirrelscan": {
"type": "http",
"url": "https://mcp.squirrelscan.com/mcp"
}
}
}On first connection VS Code discovers the authorization server, registers a client, and opens a browser for sign-in. Manage the grant under Accounts → Manage Trusted MCP Servers.
Use a prompted input so the key is stored in secret storage, not plaintext:
{
"inputs": [
{
"type": "promptString",
"id": "squirrelscan-api-key",
"description": "squirrelscan API key",
"password": true
}
],
"servers": {
"squirrelscan": {
"type": "http",
"url": "https://mcp.squirrelscan.com/mcp",
"headers": {
"Authorization": "Bearer ${input:squirrelscan-api-key}"
}
}
}
}Save either block via Command Palette → MCP: Add Server (choose HTTP), or write it to .vscode/mcp.json (workspace, safe to commit) or the user mcp.json (Command Palette → MCP: Open User Configuration, applies everywhere).
Windsurf (Devin Desktop)
Windsurf was rebranded Devin Desktop by Cognition in 2026. The in-app name changed, but the config file paths and JSON keys are unchanged. The remote-server key is serverUrl.
{
"mcpServers": {
"squirrelscan": {
"serverUrl": "https://mcp.squirrelscan.com/mcp"
}
}
}Save it, reload the server from the MCP panel, then click the Authorize prompt that appears next to squirrelscan to run the browser flow.
{
"mcpServers": {
"squirrelscan": {
"serverUrl": "https://mcp.squirrelscan.com/mcp",
"headers": {
"Authorization": "Bearer ${env:SQUIRRELSCAN_API_KEY}"
}
}
}
}${env:VAR} and ${file:/path} interpolation both work inside headers, so export SQUIRRELSCAN_API_KEY rather than hardcoding the key.
Config file. The standalone editor reads ~/.codeium/windsurf/mcp_config.json; the Windsurf plugin for JetBrains or VS Code reads ~/.codeium/mcp_config.json (no windsurf segment). The file is not auto-created, so make it if missing. There is no project-scoped MCP config, it is user/global only.
Gemini CLI
gemini mcp add writes httpUrl for a streamable-HTTP server. Note the --scope user flag, since the default scope is the current project.
gemini mcp add --transport http --scope user \
squirrelscan https://mcp.squirrelscan.com/mcpResulting ~/.gemini/settings.json:
{
"mcpServers": {
"squirrelscan": {
"httpUrl": "https://mcp.squirrelscan.com/mcp"
}
}
}OAuth is auto-discovered on first connect, or trigger it in the REPL with /mcp auth squirrelscan. Tokens cache in ~/.gemini/mcp-oauth-tokens.json.
gemini mcp add --transport http --scope user \
--header "Authorization: Bearer $SQUIRRELSCAN_API_KEY" \
squirrelscan https://mcp.squirrelscan.com/mcpWhich writes:
{
"mcpServers": {
"squirrelscan": {
"httpUrl": "https://mcp.squirrelscan.com/mcp",
"headers": {
"Authorization": "Bearer $SQUIRRELSCAN_API_KEY"
}
}
}
}Env-var expansion ($VAR, ${VAR}) works in any settings value. When a static header is present, OAuth discovery never fires, which is what you want in CI.
Scope. --scope user writes ~/.gemini/settings.json for every project. Drop the flag to write .gemini/settings.json in the current project instead.
Related
- Hosted MCP server - what the server does, the full tool list, and how credits work
- Authentication - API keys, scopes, and
SQUIRRELSCAN_API_KEY squirrel keys- mint and manage keys from the terminalsquirrel mcp- the local stdio server, for free offline audits