mcp

RAD Security MCP Server provides AI-powered security insights for Kubernetes and cloud environments by exposing a range of toolkit-based operations. You can start the server using a simple npx command, then configure environment variables to authenticate with Rad Security. The server supports filtering which toolkits are exposed, allowing you to tailor the available capabilities to your needs. Use the provided tools to inventory clusters, containers, identities, cloud resources, misconfigurations, runtime behavior, network activity, security findings, and more. Some operations can be accessed without authentication, but most require valid Rad Security credentials and a linked account. When running in different environments (Cursor IDE, Claude Desktop, or Docker), you can supply environment variables via start scripts, JSON configurations, or container runtime flags to enable only the desired toolkits or features.

Prerequisites:

• Node.js 20.x or higher installed on your machine
• npm (comes with Node.js) or pnpm/yarn as preferred

Installation steps:

1. Install the MCP server package from npm: npm install @rad-security/mcp-server

2. Prepare authentication and configuration:

   • Obtain RAD_SECURITY_ACCESS_KEY_ID, RAD_SECURITY_SECRET_KEY, and RAD_SECURITY_ACCOUNT_ID from Rad Security.
   • Optionally set RAD_SECURITY_TENANT_ID if you have a specific tenant to target.

3. Run the MCP server (example using npx as shown in the documentation): npx -y @rad-security/mcp-server

4. If you prefer to pin a version locally, you can install and run directly: npm install @rad-security/mcp-server@<version> node path/to/server.js [if you host a custom startup script]

5. Optional: start via Docker or other deployment methods described in the README if you need containerized execution.

Tips and notes:

• To restrict what toolkits are exposed, set INCLUDE_TOOLKITS or EXCLUDE_TOOLKITS in the environment. If INCLUDE_TOOLKITS is set, EXCLUDE_TOOLKITS is ignored.
• For use in environments without convenient interactive environment variable setup (e.g., Cursor IDE), use the provided start.sh or a JSON config for Claude Desktop as shown in the README.
• When running in Docker, you can enable Streamable HTTP transport with TRANSPORT_TYPE=streamable for efficient streaming APIs. The older SSE option is deprecated but still supported for backward compatibility.
• Several operations require authentication and an associated account; some read-only operations may be available without credentials.
• Ensure your credentials are kept secure; do not commit them to version control or expose them in public repositories.