MCP Setup
Give your AI agent 53 security tools, 7 catalog resources, and a triage prompt. One config, zero signup.
1 Claude Desktop
Edit ~/.claude/claude_desktop_config.json:
```json
{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}
```
Restart Claude Desktop. Done.
2 Cursor
Add to .cursor/mcp.json in your project root:
```json
{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}
```
3 VS Code (Claude Code)
Add to .mcp.json in your project root:
```json
{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}
```
4 Windsurf
Add to ~/.codeium/windsurf/mcp_config.json:
```json
{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/"]
    }
  }
}
```
5 OpenClaw
Run this command in your terminal (adds ContrastAPI to OpenClaw's gateway config):
```bash
openclaw mcp set contrastapi '{"url":"https://api.contrastcyber.com/mcp/","transport":"streamable-http"}'
```
Or edit your OpenClaw config directly and add under mcp.servers:
```json
{
  "mcp": {
    "servers": {
      "contrastapi": {
        "url": "https://api.contrastcyber.com/mcp/",
        "transport": "streamable-http"
      }
    }
  }
}
```
6 LM Studio
One-click install (requires LM Studio 0.3.17+):
Add to LM Studio
Or add manually via Program → Install → Edit mcp.json:
```json
{
  "mcpServers": {
    "contrastapi": {
      "url": "https://api.contrastcyber.com/mcp/"
    }
  }
}
```
7 Any MCP Client (HTTP)
Use the remote HTTP transport directly:
```http
POST https://api.contrastcyber.com/mcp/
Content-Type: application/json
Accept: application/json, text/event-stream

{"jsonrpc":"2.0","id":1,"method":"initialize",
 "params":{"protocolVersion":"2025-03-26",
           "capabilities":{},
           "clientInfo":{"name":"my-app","version":"1.0"}}}
```
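The request above lists two `Accept` types because a Streamable HTTP server may answer with either a plain JSON body or an SSE stream. The following is an added example, not ContrastAPI's own client code, that builds the same request and parses both reply shapes; `SAMPLE_SSE` is a constructed reply and the function names are this example's own.

```python
import json
import urllib.request

MCP_URL = "https://api.contrastcyber.com/mcp/"  # endpoint from the page

def build_initialize(req_id=1):
    """Return (headers, body) for the initialize call shown above."""
    headers = {"Content-Type": "application/json",
               # Both types are listed: the server may answer with either one.
               "Accept": "application/json, text/event-stream"}
    body = {"jsonrpc": "2.0", "id": req_id, "method": "initialize",
            "params": {"protocolVersion": "2025-03-26", "capabilities": {},
                       "clientInfo": {"name": "my-app", "version": "1.0"}}}
    return headers, json.dumps(body).encode()

def parse_reply(content_type, raw, req_id=1):
    """Return the result for req_id from a JSON or SSE response body."""
    text = raw.decode("utf-8").replace("\r\n", "\n")
    if content_type.split(";")[0].strip().lower() == "text/event-stream":
        messages = []
        for event in text.split("\n\n"):  # a blank line ends each SSE event
            data = [ln[5:].lstrip() for ln in event.split("\n")
                    if ln.startswith("data:")]
            if data:
                messages.append(json.loads("\n".join(data)))
    else:
        loaded = json.loads(text)
        messages = loaded if isinstance(loaded, list) else [loaded]
    for msg in messages:
        if isinstance(msg, dict) and msg.get("id") == req_id:
            if "error" in msg:
                raise RuntimeError(f"JSON-RPC error: {msg['error']}")
            return msg["result"]
    raise ValueError("no reply matching the request id")

def initialize(url=MCP_URL):
    """Live call (needs network): returns (result, session id or None)."""
    headers, body = build_initialize()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = parse_reply(resp.headers.get("Content-Type", ""), resp.read())
        return result, resp.headers.get("Mcp-Session-Id")

# Constructed sample reply for offline use, not captured from the real server.
SAMPLE_SSE = (b'event: message\ndata: {"jsonrpc":"2.0","id":1,"result":'
              b'{"protocolVersion":"2025-03-26","capabilities":{},'
              b'"serverInfo":{"name":"sample","version":"0.0"}}}\n\n')
```

If `initialize()` returns a session id, send it back in the `Mcp-Session-Id` header on later requests.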
8 Pro API Key (optional)
Free tier (30 req/hr) works without a key. Add a Pro key to unlock 500 req/hr and full
AbuseIPDB + Shodan reputation enrichment on /v1/domain/, /v1/ip/,
and /v1/threat-report/.
stdio transport (Claude Desktop, Cursor, VS Code, Windsurf, Cline) —
pass the key via mcp-remote's --header flag; env holds the raw value:
```json
{
  "mcpServers": {
    "contrastapi": {
      "command": "npx",
      "args": [
        "-y", "mcp-remote", "https://api.contrastcyber.com/mcp/",
        "--header", "Authorization: Bearer ${CONTRASTAPI_API_KEY}"
      ],
      "env": { "CONTRASTAPI_API_KEY": "cc_..." }
    }
  }
}
```
HTTP transport (LM Studio, OpenClaw, generic HTTP clients) —
add headers:
```json
{
  "mcpServers": {
    "contrastapi": {
      "url": "https://api.contrastcyber.com/mcp/",
      "headers": { "Authorization": "Bearer cc_..." }
    }
  }
}
```
Get a Pro key ($15/mo): api.contrastcyber.com/pricing
— or email [email protected].
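Both key configurations above store the raw key in a JSON file, and two of the config paths on this page (`.mcp.json` and `.cursor/mcp.json`) sit in the project root where they can be committed. The following is an added example, not part of ContrastAPI, that reports where a literal key is stored in a parsed config; the key pattern after the `cc_` prefix is an assumption and the sample key is constructed.

```python
import re

# Assumption: Pro keys start with "cc_" as in the page's placeholders; the
# characters allowed after the prefix are a guess made for this example.
KEY_RE = re.compile(r"\bcc_[A-Za-z0-9_-]{8,}")
# Project-root config paths named on the page (Claude Code, Cursor).
PROJECT_FILES = ("/.mcp.json", "/.cursor/mcp.json")

def servers(cfg):
    """Yield (name, entry) for both config layouts shown on the page."""
    yield from cfg.get("mcpServers", {}).items()
    yield from cfg.get("mcp", {}).get("servers", {}).items()

def audit(cfg, path):
    """Return (server, location, risk) for each literal key in the config."""
    in_project = ("/" + path.replace("\\", "/")).endswith(PROJECT_FILES)
    risk = "project file, may be committed" if in_project else "plaintext on disk"
    findings = []
    for name, entry in servers(cfg):
        places = {f"env.{k}": v for k, v in entry.get("env", {}).items()}
        places.update({f"headers.{k}": v
                       for k, v in entry.get("headers", {}).items()})
        places.update({f"args[{i}]": a
                       for i, a in enumerate(entry.get("args", []))})
        # A "${VAR}" reference does not match KEY_RE; only literal keys do.
        findings += [(name, where, risk) for where, value in places.items()
                     if isinstance(value, str) and KEY_RE.search(value)]
    return findings

# Constructed samples in the page's two shapes; the key value is fake.
STDIO_CFG = {"mcpServers": {"contrastapi": {
    "command": "npx",
    "args": ["-y", "mcp-remote", "https://api.contrastcyber.com/mcp/",
             "--header", "Authorization: Bearer ${CONTRASTAPI_API_KEY}"],
    "env": {"CONTRASTAPI_API_KEY": "cc_CONSTRUCTED_0001"}}}}
HTTP_CFG = {"mcpServers": {"contrastapi": {
    "url": "https://api.contrastcyber.com/mcp/",
    "headers": {"Authorization": "Bearer cc_CONSTRUCTED_0001"}}}}
```

Load a real file with `json.load` and pass the parsed dict together with its path; a finding marked as a project file is the one to keep out of version control.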
Ask your AI
Recon & Domain
- "Run a full security audit on example.com"
- "Give me a quick domain summary for example.com (DNS + WHOIS + SSL, skip full audit)"
- "What are the DNS records for example.com?"
- "What's the MX record for example.com?"
- "Is the SSL certificate on example.com expiring soon?"
- "What technologies does example.com use?"
- "Check the security headers on example.com"
- "Find all subdomains of example.com"
- "Who registered example.com and when does it expire?"
- "Does example.com have proper SPF and DMARC records?"
- "Show me the Wayback Machine snapshots for example.com"
CVE & Exploits
- "Look up CVE-2024-3094 — is it being exploited in the wild?"
- "Find critical Apache vulnerabilities published between 2025-01-01 and 2025-06-30"
- "Show me all CISA KEV entries from the last 30 days"
- "Find CVEs with EPSS score above 0.9 — what's most likely to be exploited?"
- "Search for critical Linux kernel CVEs, sorted by exploit probability"
- "Are there public exploits for CVE-2021-44228?"
- "Check these CVEs in bulk: CVE-2024-3094, CVE-2021-44228, CVE-2023-4863"
- "Show me CVEs that were indexed before NVD — what's leading right now?"
IP & Network
- "Is 8.8.8.8 malicious? Pull reputation from AbuseIPDB and Shodan."
- "Generate a threat report for 8.8.8.8 — include Shodan, AbuseIPDB, and ASN data"
- "What ASN does 1.1.1.1 belong to?"
Threat Intelligence / IOC
- "Check example.com for known malware URLs"
- "Enrich this IOC: 185.220.101.1"
- "Enrich these indicators in bulk: 185.220.101.1, evil-example.test, 44d88612fea8a8f36de82e1278abb02f"
- "Check if http://evil-example.test/login is a phishing URL"
- "Has this password been exposed in a data breach?"
- "Is this file hash known malware? a1b2c3d4e5f6..."
Code Security
- "Check this code for hardcoded API keys and secrets"
- "Scan this function for SQL injection vulnerabilities"
- "Validate these HTTP security headers"
- "Check if these npm dependencies have known CVEs: [email protected], [email protected]"
Contact Validation / OSINT
- "Verify [email protected] — is it syntax-valid, does the domain accept mail, and is it a role address?"
- "Is [email protected] a disposable email?"
- "Is [email protected] a personal address (free provider) or could it be a corporate one?"
- "Look up this phone number: +1-555-0123"
- "Find accounts for username 'johndoe' across platforms"
Web Intelligence (v1.25.0)
- "Get the parsed robots.txt for github.com — what paths does it disallow for our UA?"
- "Walk the redirect chain for https://bit.ly/3xyz and tell me where it actually lands"
- "Pull brand assets for stripe.com — favicon, og:image, theme color, JSON-LD logo"
- "Run a one-page SEO audit on example.com and list the missing_signals"
- "Audit the SEO of my homepage and rank what needs fixing first"
MITRE ATLAS (AI/ML Threats)
- "Look up MITRE ATLAS technique AML.T0051 (LLM Prompt Injection) and explain how it bridges to ATT&CK"
- "Find ATLAS techniques about prompt injection or jailbreaks"
- "Show me real-world ML attack case studies — anything involving ChatGPT plugins?"
- "Drill these ATLAS techniques in bulk: AML.T0051, AML.T0043, AML.T0061"
MITRE D3FEND (Defense Mapping)
- "What D3FEND defenses mitigate ATT&CK T1059 (command/scripting)?"
- "Look up D3FEND TokenBinding — which ATT&CK techniques does it mitigate?"
- "For these ATT&CK techniques [T1059, T1190, T1550.001, T9999], which have NO D3FEND mitigation?"
- "Find D3FEND Harden defenses targeting Access Tokens"
CWE / KEV
- "Look up CWE-79 (XSS) — description, mitigations, parent/child weakness chain"
- "What's the CISA KEV federal patch deadline for CVE-2021-44228?"
- "Is this CVE ransomware-associated per the KEV catalog?"
Chained Workflows
- "Audit example.com, then look up CVEs for every technology detected"
- "Find all subdomains of example.com, check the SSL on each, and report any expiring in the next 30 days"
- "Enrich these 20 IPs and tell me which ones are in AbuseIPDB's high-risk bucket"
- "List leading CVEs and check if any have public exploits"
- "Verify these 50 emails from a lead-list dump — flag disposable, role, and free-provider addresses"
- "Score the SEO of these 5 prospect homepages and rank them by missing_signals count"
- "Run /contrast-triage on AML.T0051 from the blue-team perspective"