MCP server for HackiAI security code analysis
hacki-mcp
Security code analysis for your IDE, powered by the HackiAI API.
hacki-mcp is a Model Context Protocol (MCP) server that brings HackiAI's security analysis directly into Claude Desktop, Cursor, VS Code, Claude Code, and any other MCP-compatible client.
Tools
| Tool | Description |
|---|---|
| hacki_review_file | Analyze a single file for security vulnerabilities |
| hacki_review_files | Analyze a list of files together |
| hacki_review_directory | Analyze a directory recursively |
| hacki_review_modified | Analyze all modified files in the repo (staged + unstaged + untracked) |
| hacki_commit | Analyze staged files and generate a suggested commit message |
| hacki_get_history | List past reviews with filters and pagination |
| hacki_get_findings | Get the findings for a specific review |
| hacki_update_finding_status | Mark a finding as resolved, ignored, or pending |
Usage
Just ask your AI agent in natural language. The agent decides which tool to call. If it searches your codebase instead of calling the tool, be explicit with the tool name.
Analyze a file
Review /home/user/project/app.py for security issues
Use hacki_review_file to analyze /home/user/project/app.py
Analyze multiple files together
Use hacki_review_files to analyze src/auth.py, src/models.py and src/api.py
Multi-file analysis automatically generates a code graph (AST + CFG + DFG) to detect cross-file vulnerabilities.
Analyze an entire directory
Run a security review on the /home/user/project/src directory
Use hacki_review_directory on ./src
Analyze everything modified in the repo
Captures staged, unstaged, and untracked files — no need to git add first:
Review all my changes
Use hacki_review_modified to check everything I've changed
Before committing — analyze staged files and get a commit message
Stage your files first (git add), then:
Use hacki_commit to review my staged changes and suggest a commit message
The tool returns a suggested commit message plus any security findings in the staged code.
Difference between hacki_review_modified and hacki_commit
| Tool | What it captures |
|---|---|
| hacki_review_modified | staged + unstaged + untracked (everything "dirty") |
| hacki_commit | staged only — also generates a commit message |
View past reviews
Show my last 10 security reviews
Use hacki_get_history with page 1 and size 10
Filter by filename or date:
Show reviews from the last week for files named auth
See the findings of a specific review
Copy the review ID from the history and ask:
Show the findings for review 59f862db-adb1-4f63-a920-fbfc42ee4f93
Get the critical and high severity findings for review <id>
Mark a finding as resolved
Mark finding <issue_id> in review <review_id> as resolved
Ignore finding <issue_id> in review <review_id>
Valid statuses: resolved, ignored, pending.
Typical workflow
1. Ask for your review history to find recent reviews
2. Ask for the findings of a specific review
3. Fix the issues in your code
4. Mark the findings as resolved
Requirements
A HackiAI API key. Get one at hacki.ai.
Installation
uvx — recommended, no install needed
uvx runs the server on demand without polluting your Python environment:
```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": { "HACKI_API_KEY": "hacki_xxxx" }
    }
  }
}
```
pip
pip install hacki-mcp
Docker
docker pull hackiai/hacki-mcp
Configuration
Claude Desktop
Edit your config file:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```
Claude Code
claude mcp add hacki -- uvx hacki-mcp
Then add your API key in .claude/settings.json:
```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```
Cursor
Add to ~/.cursor/mcp.json:
```json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```
VS Code (GitHub Copilot Agent)
Open the Command Palette (Ctrl+Shift+P) and run "MCP: Open User Configuration", then add:
```json
{
  "servers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```
Switch Copilot to Agent mode to use the tools.
Docker (any IDE)
Use this variant if you prefer not to install Python:
```json
{
  "mcpServers": {
    "hacki": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "HACKI_API_KEY", "hackiai/hacki-mcp"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}
```
Already using the HackiAI CLI?
If you have run hacki login, your credentials are already stored at ~/.hacki_cli/config.json. The MCP server reads them automatically, so no HACKI_API_KEY is needed in the config.
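A check a team could run over the client config files shown above before rolling the server out, as an added example (not part of hacki-mcp or the HackiAI CLI): it flags a uvx package spec that is not pinned to an exact release, a Docker image referenced without a digest, and a real API key written into the JSON. The function name, issue strings and sample configs are constructed for illustration, and the pinned version is the 0.1.6 release listed on this page.

```python
import json
import re

# Only the exact-version form "hacki-mcp@<version>" counts as pinned here;
# a bare "hacki-mcp" or "hacki-mcp@latest" resolves at launch time.
PINNED = re.compile(r"^hacki-mcp@\d+(\.\d+)+$")
PLACEHOLDER = "hacki_xxxx"  # dummy value shown in the page's snippets


def audit_mcp_config(text):
    """Return sorted (server, issue) pairs for one MCP client config file."""
    cfg = json.loads(text)
    # Claude Desktop, Claude Code and Cursor use "mcpServers"; VS Code uses "servers".
    servers = {**cfg.get("mcpServers", {}), **cfg.get("servers", {})}
    issues = []
    for name, entry in servers.items():
        for arg in entry.get("args", []):
            if arg.startswith("hacki-mcp") and not PINNED.match(arg):
                issues.append((name, "unpinned package: " + arg))
            if arg.startswith("hackiai/hacki-mcp") and "@sha256:" not in arg:
                issues.append((name, "image not pinned by digest: " + arg))
        key = entry.get("env", {}).get("HACKI_API_KEY", "")
        if key and key != PLACEHOLDER:
            issues.append((name, "API key stored inline in config"))
    return sorted(issues)


# Constructed sample configs (the key value is fake).
SAMPLE_WEAK = json.dumps({"mcpServers": {"hacki": {
    "command": "uvx",
    "args": ["hacki-mcp@latest"],
    "env": {"HACKI_API_KEY": "hacki_constructed_sample_key"},
}}})
SAMPLE_PINNED = json.dumps({"servers": {"hacki": {
    "command": "uvx",
    "args": ["hacki-mcp@0.1.6"],  # key supplied by `hacki login`, not the config
}}})

if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("pinned", SAMPLE_PINNED)):
        print(label, audit_mcp_config(sample))
```

The inline-key finding matters most for a project-level file such as .claude/settings.json, which can end up committed along with the rest of the repository.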
Code Graph
hacki-mcp automatically generates AST, IR, CFG, and DFG graphs (via hacki-graph) when analyzing multiple files. This significantly improves cross-file vulnerability detection.
Supported languages: Python, JavaScript, TypeScript, Java, C#, Go, PHP.
License
File details
Details for the file hacki_mcp-0.1.6.tar.gz.
File metadata
- Download URL: hacki_mcp-0.1.6.tar.gz
- Upload date:
- Size: 935.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a49a09bd875cd9cf89fa38d44700ee368e20054f9b15b47439f0e64a31dafc82 |
| MD5 | 123655fbec2cda3518e528fd814c63d1 |
| BLAKE2b-256 | 79516250c31cc58572bbe5c8f239ddfce33a7954228159742f31afb8b0174265 |
File details
Details for the file hacki_mcp-0.1.6-py3-none-any.whl.
File metadata
- Download URL: hacki_mcp-0.1.6-py3-none-any.whl
- Upload date:
- Size: 20.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a76e2c3d57885c004c5005a09b9d3005a9425d3f48fa0794d39c8ef75d14a49f |
| MD5 | 8fdef413a4d27d0769854472f4673477 |
| BLAKE2b-256 | bd9119ad6bbd1c9643ceaf8681444d26e5f92c8759d62240aa3e8dbfd73ea764 |