ghost
Model Context Protocol (MCP) server for the Ghost Security API
claude mcp add --transport stdio ghostsecurity-ghost-mcp-server node dist/index.js \ --env GHOST_SECURITY_API_KEY="your-ghost-security-api-key" \ --env GHOST_SECURITY_REPO_ID="optional-repo-id" \ --env GHOST_SECURITY_BASE_URL="https://api.ghostsecurity.ai/v2"
How to use
This MCP server implements the Ghost Security API (V2) and exposes MCP-compatible tools for managing security findings and repository data. It includes a CLI chatbot powered by Claude for quick interactive queries against the Ghost Security data, along with a full set of endpoints to query findings, retrieve repository information, and update finding statuses. Developers can connect any MCP client (Claude Desktop, ChatGPT, etc.) using the standard MCP configuration format and ship commands to fetch or mutate data via the Ghost Security API keys provided at startup. The server supports repository scoping via environment variables or CLI arguments, enabling focused operations on a single repository when needed.
How to install
Prerequisites:
- Node.js (LTS) and npm installed
- Git installed
- Access to a Ghost Security API key
Install and build (standard workflow):
- Clone the repository git clone https://github.com/ghostsecurity/ghost-mcp-server
- Change into the directory cd ghost-mcp-server
- Install dependencies npm install
- Build the project npm run build
Run the server (example):
- With environment variable (recommended): export GHOST_SECURITY_API_KEY="your-api-key" export GHOST_SECURITY_BASE_URL="https://api.ghostsecurity.ai/v2" # optional, defaults to v2 export GHOST_SECURITY_REPO_ID="optional-repo-id" # optional npm start
Or start directly with the compiled JS using a CLI argument: node dist/index.js "your-api-key" "optional-repo-id"
Connecting to MCP clients:
- Use the standard MCP configuration format shown in this docs: { "mcpServers": { "ghost-security": { "command": "node", "args": ["dist/index.js"], "env": { "GHOST_SECURITY_API_KEY": "your-api-key", "GHOST_SECURITY_BASE_URL": "https://api.ghostsecurity.ai/v2", "GHOST_SECURITY_REPO_ID": "optional-repo-id" } } } }
Additional notes
Environment variables: If you scope to a repository, set GHOST_SECURITY_REPO_ID to the desired repository ID. The API key must be kept secret and not exposed in logs. When deploying, consider running in a managed environment and rotating API keys regularly. The CLI chatbot can be invoked via npm run chat after exporting ANTHROPIC_API_KEY and GHOST_SECURITY_API_KEY. If you encounter connectivity or permission issues, verify that the GHOST_SECURITY_BASE_URL points to the correct Ghost Security API endpoint and that your API key has appropriate scopes for the requested operations.
Related MCP Servers
zen
Selfhosted notes app. Single golang binary, notes stored as markdown within SQLite, full-text search, very low resource usage
MCP -Deepseek_R1
A Model Context Protocol (MCP) server implementation connecting Claude Desktop with DeepSeek's language models (R1/V3)
mcp-fhir
A Model Context Protocol implementation for FHIR
mcp
Inkdrop Model Context Protocol Server
mcp-appium-gestures
This is a Model Context Protocol (MCP) server providing resources and tools for Appium mobile gestures using Actions API..
dubco -npm
The (Unofficial) dubco-mcp-server enables AI assistants to manage Dub.co short links via the Model Context Protocol. It provides three MCP tools: create_link for generating new short URLs, update_link for modifying existing links, and delete_link for removing short links.
