
MCP server for HackiAI security code analysis

Project description

hacki-mcp

Security code analysis for your IDE, powered by the HackiAI API.

hacki-mcp is a Model Context Protocol (MCP) server that brings HackiAI's security analysis directly into Claude Desktop, Cursor, VS Code, Claude Code, and any other MCP-compatible client.

Tools

Tool | Description
hacki_review_file | Analyze a single file for security vulnerabilities
hacki_review_files | Analyze a list of files together
hacki_review_directory | Analyze a directory recursively
hacki_review_modified | Analyze all modified files in the repo (staged + unstaged + untracked)
hacki_commit | Analyze staged files and generate a suggested commit message
hacki_get_history | List past reviews with filters and pagination
hacki_get_findings | Get the findings for a specific review
hacki_update_finding_status | Mark a finding as resolved, ignored, or pending

Usage

Just ask your AI agent in natural language. The agent decides which tool to call. If it searches your codebase instead of calling the tool, be explicit with the tool name.

Analyze a file

Review /home/user/project/app.py for security issues
Use hacki_review_file to analyze /home/user/project/app.py

Analyze multiple files together

Use hacki_review_files to analyze src/auth.py, src/models.py and src/api.py

Multi-file analysis automatically generates a code graph (AST + CFG + DFG) to detect cross-file vulnerabilities.

Analyze an entire directory

Run a security review on the /home/user/project/src directory
Use hacki_review_directory on ./src

Analyze everything modified in the repo

Captures staged, unstaged, and untracked files — no need to git add first:

Review all my changes
Use hacki_review_modified to check everything I've changed

Before committing — analyze staged files and get a commit message

Stage your files first (git add), then:

Use hacki_commit to review my staged changes and suggest a commit message

The tool returns a suggested commit message plus any security findings in the staged code.

Difference between hacki_review_modified and hacki_commit

Tool | What it captures
hacki_review_modified | staged + unstaged + untracked (everything "dirty")
hacki_commit | staged only — also generates a commit message

View past reviews

Show my last 10 security reviews
Use hacki_get_history with page 1 and size 10

Filter by filename or date:

Show reviews from the last week for files named auth

See the findings of a specific review

Copy the review ID from the history and ask:

Show the findings for review 59f862db-adb1-4f63-a920-fbfc42ee4f93
Get the critical and high severity findings for review <id>

Mark a finding as resolved

Mark finding <issue_id> in review <review_id> as resolved
Ignore finding <issue_id> in review <review_id>

Valid statuses: resolved, ignored, pending.

Typical workflow

1. Ask for your review history to find recent reviews
2. Ask for the findings of a specific review
3. Fix the issues in your code
4. Mark the findings as resolved

Requirements

A HackiAI API key. Get one at hacki.ai.

Installation

uvx — recommended, no install needed

uvx runs the server on demand without polluting your Python environment:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": { "HACKI_API_KEY": "hacki_xxxx" }
    }
  }
}

pip

pip install hacki-mcp

Docker

docker pull hackiai/hacki-mcp

Configuration

Claude Desktop

Edit your config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Claude Code

claude mcp add hacki -- uvx hacki-mcp

Then add your API key in .claude/settings.json:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

VS Code (GitHub Copilot Agent)

Open the Command Palette (Ctrl+Shift+P) and run "MCP: Open User Configuration", then add:

{
  "servers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Switch Copilot to Agent mode to use the tools.

Docker (any IDE)

Use this variant if you prefer not to install Python:

{
  "mcpServers": {
    "hacki": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "HACKI_API_KEY", "hackiai/hacki-mcp"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Already using the HackiAI CLI?

If you have run hacki login, your credentials are already stored at ~/.hacki_cli/config.json. The MCP server reads them automatically — no HACKI_API_KEY needed in the config.
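
An added example, not part of hacki-mcp or its documentation: a small audit for the client configs above that flags an API key stored inline in env and package or image references that float (hacki-mcp, hacki-mcp@latest, an untagged Docker image). The function name, the issue labels and the hacki-docker and hacki-pinned entries are assumptions of the example; 0.1.6 is the release listed on this page.

```python
import json

# Constructed sample mirroring the client configs above; the key is a placeholder.
SAMPLE_CONFIG = """
{"mcpServers": {
  "hacki": {"command": "uvx", "args": ["hacki-mcp@latest"],
            "env": {"HACKI_API_KEY": "hacki_xxxx"}},
  "hacki-docker": {"command": "docker",
            "args": ["run", "--rm", "-i", "-e", "HACKI_API_KEY", "hackiai/hacki-mcp"],
            "env": {"HACKI_API_KEY": "hacki_xxxx"}},
  "hacki-pinned": {"command": "uvx", "args": ["hacki-mcp@0.1.6"]}
}}
"""


def audit_mcp_config(text):
    """Return (server, issue) pairs for one MCP client config document."""
    doc = json.loads(text)
    # Claude Desktop, Claude Code and Cursor use "mcpServers"; VS Code uses "servers".
    servers = {**doc.get("mcpServers", {}), **doc.get("servers", {})}
    findings = []
    for name, spec in servers.items():
        command = spec.get("command")
        args = [str(a) for a in spec.get("args", [])]
        # A literal key in the file is exposed to anything that can read or commit it.
        if any(k.endswith("_API_KEY") and v for k, v in spec.get("env", {}).items()):
            findings.append((name, "inline-api-key"))
        if command == "uvx":
            # "pkg" and "pkg@latest" both resolve to the newest release at launch.
            pkgs = [a for a in args if not a.startswith("-")]
            if pkgs and ("@" not in pkgs[0] or pkgs[0].endswith("@latest")):
                findings.append((name, "unpinned-package"))
        elif command == "docker" and args:
            image = args[-1]  # assumption: image is the last argument, as above
            tag_part = image.rsplit("/", 1)[-1]
            floating = ":" not in tag_part or tag_part.endswith(":latest")
            if "@sha256:" not in image and floating:
                findings.append((name, "unpinned-image"))
    return findings


if __name__ == "__main__":
    for server, issue in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {issue}")
```

Run it against each client config file you maintain; an entry with no inline key relies on the credentials stored by hacki login, as described above.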

Code Graph

hacki-mcp automatically generates AST, IR, CFG, and DFG graphs (via hacki-graph) when analyzing multiple files. This significantly improves cross-file vulnerability detection.

Supported languages: Python, JavaScript, TypeScript, Java, C#, Go, PHP.

License

MIT

Download files

Source Distribution

hacki_mcp-0.1.6.tar.gz (935.4 kB)

Uploaded Source

Built Distribution

hacki_mcp-0.1.6-py3-none-any.whl (20.0 kB)

Uploaded Python 3

File details

Details for the file hacki_mcp-0.1.6.tar.gz.

File metadata

  • Download URL: hacki_mcp-0.1.6.tar.gz
  • Upload date:
  • Size: 935.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for hacki_mcp-0.1.6.tar.gz
Algorithm | Hash digest
SHA256 | a49a09bd875cd9cf89fa38d44700ee368e20054f9b15b47439f0e64a31dafc82
MD5 | 123655fbec2cda3518e528fd814c63d1
BLAKE2b-256 | 79516250c31cc58572bbe5c8f239ddfce33a7954228159742f31afb8b0174265

File details

Details for the file hacki_mcp-0.1.6-py3-none-any.whl.

File metadata

  • Download URL: hacki_mcp-0.1.6-py3-none-any.whl
  • Upload date:
  • Size: 20.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for hacki_mcp-0.1.6-py3-none-any.whl
Algorithm | Hash digest
SHA256 | a76e2c3d57885c004c5005a09b9d3005a9425d3f48fa0794d39c8ef75d14a49f
MD5 | 8fdef413a4d27d0769854472f4673477
BLAKE2b-256 | bd9119ad6bbd1c9643ceaf8681444d26e5f92c8759d62240aa3e8dbfd73ea764
