human

The HUMAN Security MCP Server exposes two integrated suites: Cyberfraud Protection and Code Defender Security. When you add the server to your MCP configuration, your AI assistant can query traffic analytics, real-time attack monitoring, attack investigations, and account security insights, as well as client-side security checks like supply chain monitoring, PCI DSS compliance, and security header analysis. The server automatically detects which services you have access to based on your tokens and enables the corresponding tools. Use the available tokens to grant the right access levels for your environment, and then issue natural language prompts or structured requests to retrieve security insights, trends, or specific incident details.

Typical usage involves querying for trends (e.g., attack trends over a period), drilling into particular accounts or events, assessing third-party scripts on pages, and evaluating PCI DSS compliance posture. The tools are segmented into Cyberfraud Protection (Traffic Data, Attack Reporting, Account Information, Custom Rules) and Code Defender Security (Security Incidents, Script Inventory, Header Inventory). You can mix and match across services in a single session as your tokens authorize access to those capabilities.

Prerequisites:

• Node.js and npm installed on the host machine
• An MCP client or environment that supports MCP configuration (e.g., Claude Desktop, Cursor, or your own MCP runner)
• API tokens for HUMAN Cyberfraud and HUMAN Code Defender

Installation steps:

1. Ensure Node.js is installed. Verify with: node -v npm -v

2. Install or run the MCP server using npx for the HUMAN Security package. Add the following to your MCP configuration (examples below are the recommended setup):

{
  "mcpServers": {
    "human-security": {
      "command": "npx",
      "args": ["-y", "@humansecurity/human-mcp-server"],
      "env": {
        "HUMAN_CYBERFRAUD_API_TOKEN": "your-cyberfraud-token",
        "HUMAN_CODE_DEFENDER_API_TOKEN": "your-code-defender-token"
      }
    }
  }
}

3. If you prefer Docker, you can run the MCP server container and pass the tokens as environment variables:

docker run --rm -i \
  -e HUMAN_CYBERFRAUD_API_TOKEN=<value> \
  -e HUMAN_CODE_DEFENDER_API_TOKEN=<value> \
  us-docker.pkg.dev/hmn-registry-public/containers/human-mcp-server:latest

4. If you use Docker, update your MCP client configuration to invoke the Docker command instead of npx, e.g.:

{
  "mcpServers": {
    "human-security": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "HUMAN_CYBERFRAUD_API_TOKEN",
        "-e", "HUMAN_CODE_DEFENDER_API_TOKEN",
        "us-docker.pkg.dev/hmn-registry-public/containers/human-mcp-server:latest"
      ],
      "env": {
        "HUMAN_CYBERFRAUD_API_TOKEN": "your-cyberfraud-token",
        "HUMAN_CODE_DEFENDER_API_TOKEN": "your-code-defender-token"
      }
    }
  }
}

5. If you need to customize endpoints or timeouts, you can add optional environment variables such as HUMAN_API_HOST, HUMAN_API_VERSION, or HTTP_TIMEOUT_MS as described in the documentation.

Tips and common considerations:

• Ensure your tokens are kept secure and not committed to source control.
• The MCP server auto-detects accessible services based on tokens; you can enable only the needed capabilities to minimize surface area.
• Optional configuration supports overriding the API endpoint and version via HUMAN_API_HOST and HUMAN_API_VERSION.
• If you experience timeouts, consider adjusting HTTP_TIMEOUT_MS (milliseconds).
• For Claude Desktop or Cursor users, the MCP config edits will point to claude_desktop_config.json or mcp.json respectively; the server is designed to be drop-in compatible with those editors.