ContrastAPI

Name: ContrastAPI
Author: UPinar

UPinar/contrastapi

Let your coding agent query CVEs, dependency risk, OSINT, and code-security signals without signing up for a separate threat-intel API.

Overview

ContrastAPI is a MCP server for the Ship phase that exposes 31 no-key security tools for CVE, OSINT, threat intel, dependency audit, and code security over streamable HTTP.

What is this MCP server?

31 MCP tools covering CVE lookup, OSINT, threat intel, dependency audit, and code security in one remote server
340K+ CVE records with EPSS and CISA KEV context for prioritization
Streamable HTTP remote at api.contrastcyber.com—no API key required to register
Version 1.9.0 with open-source repo at github.com/UPinar/contrastapi
Fits agent-driven ship checks and build-time integration wiring in Claude Code or Cursor
31 MCP tools documented in the server description
340K+ CVE coverage with EPSS and KEV context cited in catalog copy
Server version 1.9.0; remote URL https://api.contrastcyber.com/mcp/

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 28 GitHub stars.

What problem does it solve?

Agents guess at severity and miss EPSS/KEV context because CVE and dependency data live outside the coding session.

Who is it for?

Indie builders running agent-assisted security or dependency reviews on real codebases without buying a separate intel API first.

Skip if: Teams that need on-prem-only tooling, formal pen-test deliverables, or guaranteed SLAs from a paid vendor contract.

What do I get? / Deliverables

Your agent returns prioritized vuln and dependency findings from Contrast’s catalog so you can fix or defer issues before release.

Agent-queryable CVE and EPSS/KEV-enriched answers for prioritized patching
Dependency and code-security signals usable in pre-ship review notes
Repeatable OSINT and threat-intel lookups from the same MCP registration

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security review and release gates live in Ship; this MCP is the canonical shelf for pre-launch and ongoing vuln checks. Dependency audit, CVE EPSS/KEV enrichment, and code-security tooling map directly to the security subphase before and after you ship.

How it compares

Remote security MCP integration, not a local SKILL.md audit checklist or generic web-search skill.

Common Questions / FAQ

Who is ContrastAPI for?

Solo and small-team builders using AI coding agents who want CVE, OSINT, and dependency-security tools wired into the same session as their repo work.

When should I use ContrastAPI?

Use it during Ship security passes, before merging risky dependencies, or when triaging a reported CVE on a library you ship in production.

How do I add ContrastAPI to my agent?

Add the streamable HTTP MCP remote https://api.contrastcyber.com/mcp/ in your client’s MCP settings; no API key is required per the server manifest.

ContrastAPI

UPinar/contrastapi

Let your coding agent query CVEs, dependency risk, OSINT, and code-security signals without signing up for a separate threat-intel API.

Overview

ContrastAPI is a MCP server for the Ship phase that exposes 31 no-key security tools for CVE, OSINT, threat intel, dependency audit, and code security over streamable HTTP.

What is this MCP server?

31 MCP tools covering CVE lookup, OSINT, threat intel, dependency audit, and code security in one remote server
340K+ CVE records with EPSS and CISA KEV context for prioritization
Streamable HTTP remote at api.contrastcyber.com—no API key required to register
Version 1.9.0 with open-source repo at github.com/UPinar/contrastapi
Fits agent-driven ship checks and build-time integration wiring in Claude Code or Cursor
31 MCP tools documented in the server description
340K+ CVE coverage with EPSS and KEV context cited in catalog copy
Server version 1.9.0; remote URL https://api.contrastcyber.com/mcp/

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 28 GitHub stars.

What problem does it solve?

Agents guess at severity and miss EPSS/KEV context because CVE and dependency data live outside the coding session.

Who is it for?

Indie builders running agent-assisted security or dependency reviews on real codebases without buying a separate intel API first.

Skip if: Teams that need on-prem-only tooling, formal pen-test deliverables, or guaranteed SLAs from a paid vendor contract.

What do I get? / Deliverables

Your agent returns prioritized vuln and dependency findings from Contrast’s catalog so you can fix or defer issues before release.

Agent-queryable CVE and EPSS/KEV-enriched answers for prioritized patching
Dependency and code-security signals usable in pre-ship review notes
Repeatable OSINT and threat-intel lookups from the same MCP registration

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Remote security MCP integration, not a local SKILL.md audit checklist or generic web-search skill.

Common Questions / FAQ

Who is ContrastAPI for?

Solo and small-team builders using AI coding agents who want CVE, OSINT, and dependency-security tools wired into the same session as their repo work.

When should I use ContrastAPI?

Use it during Ship security passes, before merging risky dependencies, or when triaging a reported CVE on a library you ship in production.

How do I add ContrastAPI to my agent?

Add the streamable HTTP MCP remote https://api.contrastcyber.com/mcp/ in your client’s MCP settings; no API key is required per the server manifest.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is ContrastAPI for?

When should I use ContrastAPI?

How do I add ContrastAPI to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is ContrastAPI for?

When should I use ContrastAPI?

How do I add ContrastAPI to my agent?