zeropath
Open-source MCP server for querying ZeroPath security issues, patches, and scans using Claude, Cursor, Windsurf, or any AI assistant.
claude mcp add --transport stdio zeropathai-zeropath-mcp-server uvx --from git+https://github.com/ZeroPathAI/zeropath-mcp-server zeropath-mcp-server \ --env ZEROPATH_ORG_ID="your_org_id" \ --env ZEROPATH_BASE_URL="https://zeropath.com" \ --env ZEROPATH_TOKEN_ID="your_token_id" \ --env ZEROPATH_TOKEN_SECRET="your_token_secret"
How to use
ZeroPath MCP Server exposes ZeroPath security findings to MCP-compatible tools through a tRPC v2 API. The server reads its configuration at startup, loads the available MCP tools from the ZeroPath frontend manifest, and exposes them to MCP clients as JSON-formatted requests and responses. Tools are invoked via tRPC procedures (queries and mutations) and return structured results that are easy to consume in automation, SOC dashboards, or agent integrations. Typical usage involves authenticating with an API key provided by ZeroPath and then calling tools such as issues.list, issues.archive, rules.create, and stats.summary against your ZeroPath data. The server performs client-side validation against each tool’s input schema, returning a BAD_REQUEST error if inputs are invalid, while preserving authoritative server-side validation for schema features that are not supported on the client.
How to install
Prerequisites:
- Python 3.8+ installed on your system
- Access to a Python venv or system Python environment
- Network access to fetch the zeropath-mcp-server package from GitHub or PyPI
Option A: Quick install via UVX from GitHub (recommended for quick experiments)
-
Install and run the MCP server directly from GitHub:
uvx --from git+https://github.com/ZeroPathAI/zeropath-mcp-server zeropath-mcp-server
This pulls the package and runs the server in your environment.
-
If you prefer a specific version, pin it:
uvx --from "git+https://github.com/ZeroPathAI/zeropath-mcp-server@v0.1.0" zeropath-mcp-server
Option B: Install via pip and run locally (source or installed)
-
Install from GitHub (editable) and run the module:
pip install git+https://github.com/ZeroPathAI/zeropath-mcp-server.git uv sync
-
Run from source (clone and install development version):
git clone https://github.com/ZeroPathAI/zeropath-mcp-server.git cd zeropath-mcp-server uv sync
Option C: Install from PyPI (Optional)
-
If published to PyPI:
pip install zeropath-mcp-server
Then run using the installed entry point if provided by the package
Note: The exact invocation may vary based on how the package exposes the CLI. The examples above reflect the README guidance using uvx/uv for Python-based MCP setup.
Additional notes
Environment variables:
- ZEROPATH_BASE_URL: Base URL for ZeroPath API (defaults to https://zeropath.com). Use this to point to staging or another environment.
- ZEROPATH_TOKEN_ID / ZEROPATH_TOKEN_SECRET: API credentials for authenticating to ZeroPath.
- ZEROPATH_ORG_ID: Organization identifier in ZeroPath.
Tips:
- If you are testing locally, you can start with the GitHub URL approach to avoid installing the package system-wide.
- Ensure your API keys have the necessary permissions for the actions you intend to perform (read vs. write access).
- The MCP server loads tools dynamically from the frontend manifest at startup; ensure your ZeroPath instance is accessible and the manifest is available.
- When configuring MCP clients, you can switch between GitHub-based installation, source installation, or PyPI installation by adjusting the mcp config accordingly.
Related MCP Servers
MCP-Kali
MCP configuration to connect AI agent to a Linux machine.
awsome_kali_MCPServers
awsome kali MCPServers is a set of MCP servers tailored for Kali Linux
asterisk
Asterisk Model Context Protocol (MCP) server.
ggmcp
MCP server for scanning and remediating hardcoded secrets using GitGuardian’s API. Detect over 500 secret types and prevent credential leaks before code goes public.
Mcpwn
mcp security tester
mcp-ethical-hacking
MCP Ethical Hacking Security sample for educational
