VulnFeed

Name: VulnFeed
Author: infai-tech

infai-tech/vulnfeed-mcp

Scan dependencies for CVEs with EPSS prioritization through nine MCP tools, using the free tier or a paid license key.

Overview

io.github.infai-tech/vulnfeed is a MCP server for the Ship phase that provides 9 dependency vulnerability tools with EPSS scoring via stdio PyPI.

What is this MCP server?

9 MCP tools for dependency vulnerability scanning with EPSS scoring
PyPI package vulnfeed-mcp (version 0.3.3) with stdio transport
Free tier works without VULNFEED_API_KEY; optional Polar.sh license for paid tier
x402 payment model mentioned for extended commercial use
Focused on supply-chain risk, not penetration testing exploitation
9 MCP tools documented in catalog description
Server version 0.3.3 on PyPI identifier vulnfeed-mcp
Free tier available without API key; optional VULNFEED_API_KEY for paid tier

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Dependency CVE noise piles up in lockfiles and solo builders lack a fast, agent-friendly way to prioritize what to fix before shipping.

Who is it for?

Indie developers who want free-tier MCP vulnerability scanning with optional paid license for heavier EPSS-backed workflows.

Skip if: Organizations that need on-prem-only scanning with no external API, or teams seeking active exploit pentesting rather than dependency intelligence.

What do I get? / Deliverables

After registering vulnfeed-mcp, your agent can run EPSS-aware vulnerability scans so you patch the highest-risk packages with a clearer order of operations.

Stdio VulnFeed MCP server connected to your agent
EPSS-informed vulnerability findings on project dependencies
Repeatable pre-ship and post-update security scan workflow

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Dependency vulnerability review belongs in ship security gates and continues in operate when new CVEs land. VulnFeed is a dependency scanner with EPSS scoring—canonical shelf is ship → security alongside pre-release supply-chain checks.

How it compares

Dependency CVE and EPSS scanner MCP, not a Razorpay billing connector or CPU profiler.

Common Questions / FAQ

Who is io.github.infai-tech/vulnfeed for?

Solo builders and small teams shipping npm, Python, or mixed stacks who want coding agents to run dependency vulnerability checks with EPSS prioritization.

When should I use io.github.infai-tech/vulnfeed?

Use it in ship security before releases, when dependencies update, or in operate when monitoring for newly disclosed CVEs affecting your lockfile.

How do I add io.github.infai-tech/vulnfeed to my agent?

Install vulnfeed-mcp from PyPI, configure stdio in your MCP client, optionally set VULNFEED_API_KEY for paid tier, then enable the server and run its 9 tools from your agent.

VulnFeed

infai-tech/vulnfeed-mcp

Scan dependencies for CVEs with EPSS prioritization through nine MCP tools, using the free tier or a paid license key.

Overview

io.github.infai-tech/vulnfeed is a MCP server for the Ship phase that provides 9 dependency vulnerability tools with EPSS scoring via stdio PyPI.

What is this MCP server?

9 MCP tools for dependency vulnerability scanning with EPSS scoring
PyPI package vulnfeed-mcp (version 0.3.3) with stdio transport
Free tier works without VULNFEED_API_KEY; optional Polar.sh license for paid tier
x402 payment model mentioned for extended commercial use
Focused on supply-chain risk, not penetration testing exploitation
9 MCP tools documented in catalog description
Server version 0.3.3 on PyPI identifier vulnfeed-mcp
Free tier available without API key; optional VULNFEED_API_KEY for paid tier

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Dependency CVE noise piles up in lockfiles and solo builders lack a fast, agent-friendly way to prioritize what to fix before shipping.

Who is it for?

Indie developers who want free-tier MCP vulnerability scanning with optional paid license for heavier EPSS-backed workflows.

Skip if: Organizations that need on-prem-only scanning with no external API, or teams seeking active exploit pentesting rather than dependency intelligence.

What do I get? / Deliverables

After registering vulnfeed-mcp, your agent can run EPSS-aware vulnerability scans so you patch the highest-risk packages with a clearer order of operations.

Stdio VulnFeed MCP server connected to your agent
EPSS-informed vulnerability findings on project dependencies
Repeatable pre-ship and post-update security scan workflow

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Dependency CVE and EPSS scanner MCP, not a Razorpay billing connector or CPU profiler.

Common Questions / FAQ

Who is io.github.infai-tech/vulnfeed for?

Solo builders and small teams shipping npm, Python, or mixed stacks who want coding agents to run dependency vulnerability checks with EPSS prioritization.

When should I use io.github.infai-tech/vulnfeed?

Use it in ship security before releases, when dependencies update, or in operate when monitoring for newly disclosed CVEs affecting your lockfile.

How do I add io.github.infai-tech/vulnfeed to my agent?

Install vulnfeed-mcp from PyPI, configure stdio in your MCP client, optionally set VULNFEED_API_KEY for paid tier, then enable the server and run its 9 tools from your agent.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.infai-tech/vulnfeed for?

When should I use io.github.infai-tech/vulnfeed?

How do I add io.github.infai-tech/vulnfeed to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.infai-tech/vulnfeed for?

When should I use io.github.infai-tech/vulnfeed?

How do I add io.github.infai-tech/vulnfeed to my agent?