Skip to main content

MCP server for HackiAI security code analysis

Project description

hacki-mcp

Security code analysis for your IDE, powered by the HackiAI API.

hacki-mcp is a Model Context Protocol (MCP) server that brings HackiAI's security analysis directly into Claude Desktop, Cursor, VS Code, Claude Code, and any other MCP-compatible client.

Tools

Tool Description
hacki_review_file Analyze a single file for security vulnerabilities
hacki_review_files Analyze a list of files together
hacki_review_directory Analyze a directory recursively
hacki_commit Analyze staged files and generate a suggested commit message
hacki_get_history List past reviews with filters and pagination
hacki_get_findings Get the findings for a specific review
hacki_update_finding_status Mark a finding as resolved, ignored, or pending

Usage

Just ask your AI agent in natural language. The agent decides which tool to call. If it searches your codebase instead of calling the tool, be explicit with the tool name.

Analyze a file

Review /home/user/project/app.py for security issues
Use hacki_review_file to analyze /home/user/project/app.py

Analyze multiple files together

Use hacki_review_files to analyze src/auth.py, src/models.py and src/api.py

Multi-file analysis automatically generates a code graph (AST + CFG + DFG) to detect cross-file vulnerabilities.

Analyze an entire directory

Run a security review on the /home/user/project/src directory
Use hacki_review_directory on ./src

Before committing — analyze staged files

Stage your files first (git add), then:

Use hacki_commit to review my staged changes and suggest a commit message

The tool returns a suggested commit message plus any security findings in the staged code.

View past reviews

Show my last 10 security reviews
Use hacki_get_history with page 1 and size 10

Filter by filename or date:

Show reviews from the last week for files named auth

See the findings of a specific review

Copy the review ID from the history and ask:

Show the findings for review 59f862db-adb1-4f63-a920-fbfc42ee4f93
Get the critical and high severity findings for review <id>

Mark a finding as resolved

Mark finding <issue_id> in review <review_id> as resolved
Ignore finding <issue_id> in review <review_id>

Valid statuses: resolved, ignored, pending.

Typical workflow

1. Ask for your review history to find recent reviews
2. Ask for the findings of a specific review
3. Fix the issues in your code
4. Mark the findings as resolved

Requirements

A HackiAI API key. Get one at hacki.ai.

Installation

uvx — recommended, no install needed

uvx runs the server on demand without polluting your Python environment:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": { "HACKI_API_KEY": "hacki_xxxx" }
    }
  }
}

pip

pip install hacki-mcp

Docker

docker pull hackiai/hacki-mcp

Configuration

Claude Desktop

Edit your config file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Claude Code

claude mcp add hacki -- uvx hacki-mcp

Then add your API key in .claude/settings.json:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

VS Code (GitHub Copilot Agent)

Open the Command Palette (Ctrl+Shift+P) and run "MCP: Open User Configuration", then add:

{
  "servers": {
    "hacki": {
      "command": "uvx",
      "args": ["hacki-mcp@latest"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Switch Copilot to Agent mode to use the tools.

Docker (any IDE)

Use this variant if you prefer not to install Python:

{
  "mcpServers": {
    "hacki": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "-e", "HACKI_API_KEY", "hackiai/hacki-mcp"],
      "env": {
        "HACKI_API_KEY": "hacki_xxxx"
      }
    }
  }
}

Already using the HackiAI CLI?

If you have run hacki login, your credentials are already stored at ~/.hacki_cli/config.json. The MCP reads them automatically — no HACKI_API_KEY needed in the config.

Code Graph

hacki-mcp automatically generates AST, IR, CFG, and DFG graphs (via hacki-graph) when analyzing multiple files. This significantly improves cross-file vulnerability detection.

Supported languages: Python, JavaScript, TypeScript, Java, C#, Go, PHP.

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hacki_mcp-0.1.2.tar.gz (928.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

hacki_mcp-0.1.2-py3-none-any.whl (19.1 kB view details)

Uploaded Python 3

File details

Details for the file hacki_mcp-0.1.2.tar.gz.

File metadata

  • Download URL: hacki_mcp-0.1.2.tar.gz
  • Upload date:
  • Size: 928.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for hacki_mcp-0.1.2.tar.gz
Algorithm Hash digest
SHA256 7d1d97810662cc290c84a3ba82ca68a420022f83b45943b7374d65fdd764901a
MD5 053752f8af5deb1ec3843900c3aeb473
BLAKE2b-256 10dc8725a5019e93c43f913f7b78f045b97a7b94a5f69b9c47e7694dacdb4f40

See more details on using hashes here.

File details

Details for the file hacki_mcp-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: hacki_mcp-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 19.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.10.6 {"installer":{"name":"uv","version":"0.10.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for hacki_mcp-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 bfa22acd0c99f3271488f3ad88296c212c484135189336f0f6207a8ad711d651
MD5 582321c6c5fe6ff0d65b3b8daf48b75a
BLAKE2b-256 3e3161875116150ac473599f2a2e70cc11ac8cc9e99960ee52d04a3d80d4a4eb

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page