MCPwner
Model Context Protocol server for autonomous vulnerability discovery
claude mcp add --transport stdio pigyon-mcpwner -- docker run -i mcpwner-server
How to use
MCPwner acts as a unified MCP server that orchestrates multiple security analysis tools (SAST, SCA, and secrets scanning) and streams structured results directly into the model's working context. It is designed to integrate with MCP-compatible clients (such as Claude, Cursor, or Kiro) and outputs findings in machine-readable formats (e.g., SARIF/JSON) to enable continuous reasoning, cross-tool correlation, and attack-path discovery. Users can issue natural language prompts like “Scan a GitHub repository for secrets” or “Run a security audit on my Python project,” and MCPwner will coordinate the appropriate toolchain (for example Gitleaks, TruffleHog, detect-secrets for secrets, Bandit for SAST, and OSV-Scanner for SCA) and deliver the results back to the agent in a unified, digestible format.
Once running, MCPwner exposes a consistent interface for selecting tools and viewing results. The integrated pipeline supports correlation across findings to help identify attack vectors and potential 0-day vulnerabilities, enabling more informed decisions during security research and remediation planning. The multi-agent, containerized design ensures reproducibility and isolation across different tool suites, while automatic persistence keeps workspace and metadata intact across restarts.
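One way a client could perform the cross-tool correlation described above, as an added example rather than MCPwner's own code: it groups SARIF 2.1.0 results by file and line and keeps only locations reported by two or more tools. The SARIF documents, paths and findings in SAMPLE are constructed for illustration, and `iter_findings` and `correlate` are hypothetical helper names.

```python
import json
from collections import defaultdict

# Constructed SARIF 2.1.0 documents standing in for per-tool scan output.
def _sarif(tool, results):
    return {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": tool}},
            "results": [{"ruleId": rule, "level": level,
                         "message": {"text": rule},
                         "locations": [{"physicalLocation": {
                             "artifactLocation": {"uri": uri},
                             "region": {"startLine": line}}}]}
                        for rule, level, uri, line in results]}]}

SAMPLE = [
    _sarif("gitleaks", [("generic-api-key", "error", "app/settings.py", 12)]),
    _sarif("trufflehog", [("AWS", "error", "./app/settings.py", 12)]),
    _sarif("bandit", [("B105", "warning", "app/settings.py", 12),
                      ("B602", "error", "app/run.py", 40)]),
]

def iter_findings(doc):
    """Yield (tool, rule, level, path, line) for every located result."""
    for run in doc.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                if not uri:
                    continue  # no file location, so nothing to correlate on
                line = phys.get("region", {}).get("startLine", 0)
                path = uri[2:] if uri.startswith("./") else uri  # normalize ./ prefix
                yield tool, res.get("ruleId", "?"), res.get("level", "warning"), path, line

def correlate(docs):
    """Group findings by (path, line); keep locations flagged by 2+ tools."""
    by_loc = defaultdict(dict)
    for doc in docs:
        for tool, rule, level, path, line in iter_findings(doc):
            by_loc[(path, line)][tool] = (rule, level)
    return {loc: tools for loc, tools in by_loc.items() if len(tools) >= 2}

if __name__ == "__main__":
    merged = {f"{p}:{n}": t for (p, n), t in correlate(SAMPLE).items()}
    print(json.dumps(merged, indent=2))
```

Locations confirmed by several independent scanners are a reasonable first triage queue; single-tool findings still need review and are only filtered out of this view.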
How to install
Prerequisites
- Docker Engine 20.10+ and Docker Compose 2.0+ (or as required by your deployment setup)
- 8 GB RAM minimum (16 GB recommended for running multiple tools in parallel)
- 20 GB free disk space for tool images and datasets
- Supported platforms: Linux, macOS, Windows (with WSL2 on Windows)
- MCP-compatible client (Claude Desktop, Cursor, Kiro, etc.)
Setup
- Clone the repository:
    git clone https://github.com/yourusername/pigyon-mcpwner.git
    cd pigyon-mcpwner
- Configure MCPwner (if applicable):
  - Edit any necessary configuration files (e.g., config/config.yaml) to tailor tool selections, tool-specific options, and output formats.
- Start the services:
    docker-compose up -d --build
- Verify that services are running:
    docker-compose ps
- Connect MCPwner to your MCP client (e.g., Kiro, Cursor, Claude) by adding the appropriate MCP server entry to your client configuration. For one-click installation references, see the docs section with the install link for your client.
Notes
- If you are upgrading or modifying tool sets, rebuild containers with docker-compose up -d --build to ensure changes take effect.
- Ensure your environment has network access to required tool repositories and external resources (e.g., GitHub, OSV-Scanner databases).
Optional: Local development without Docker
- You can run MCPwner locally in a Python environment if you prefer. Refer to the developer docs for guidance on setting up the Python dependencies and launching the server module directly.
Additional notes
Environment variables and configuration:
- The MCPwner configuration may expose environment variables for tool toggles, API keys (for certain vulnerability databases), and storage paths. If you see placeholders in your config.yaml, replace them with real values or leave them as defaults if not required.
- Typical env vars might include: MCP_LOG_LEVEL, TOOL_PATHS, SECRET_API_KEYS, DATABASE_URL. Check the config.yaml.example for a full list and meanings.
- Output formats are designed for seamless consumption by MCP clients and downstream agents; you can toggle between SARIF and JSON outputs depending on client expectations.
Common issues:
- Docker image pulls failing because of network or registry access problems; ensure your network allows pulling images and you have the correct image tag/name.
- Insufficient system RAM or CPU can cause timeouts when running multiple tools concurrently; increase resources or limit concurrent scans.
- Configuration drift after updates; re-validate config.yaml after upgrading MCPwner to ensure tool integrations remain aligned.
Tips:
- Regularly snapshot your workspace data to prevent loss during container restarts.
- Use the provided one-click install links to integrate MCPwner with your MCP client quickly.
- Review tool-specific logs in the container if a scan does not return results as expected.