MCP Server Integration

Inkog is available as a Model Context Protocol (MCP) server, enabling AI-powered security analysis directly within your favorite AI assistant.

Recommended Dev-Flow Workflow

Inkog is designed to live inside the conversation where you build the agent — not as a post-hoc gate. When the MCP server is connected to Claude Desktop, Cursor, or Claude Code, the loop looks like this:

1. Ask Claude to build a piece of agent logic.
2. Ask Claude to scan it with Inkog — "Scan this with Inkog and show me any CRITICAL or HIGH findings."
3. Ask Claude to explain each finding in plain English — "Explain the top finding. What's the risk, and how do I fix it?"
4. Ask Claude to apply the fixes — review the diff, approve, re-scan.
5. Before shipping, verify governance — "Verify my AGENTS.md against the code" and "Audit the agent-to-agent delegation".

See the full walkthrough: Building Secure AI Agents with Claude Code and the Inkog MCP .

Example prompts to keep handy

• “Scan the current directory with Inkog and show me any CRITICAL or HIGH findings.”
• “Explain the top finding in plain English. What’s the risk, and how do I fix it?”
• “Verify my AGENTS.md against the code. Does what I declared match what the agent actually does?”
• “Audit the agent-to-agent delegation in this crew. Any unsigned handoffs?”
• “Run a compliance report and map the findings to EU AI Act Articles 12, 14, and 15.”
• “Audit the MCP servers I’m integrating with. Any tool poisoning or excessive capabilities?”

Claude Code CLAUDE.md snippet

Drop this into your project’s CLAUDE.md and every contributor gets the same security co-pilot:

## Security (Inkog MCP)
 
Before committing agent code, run these checks via the Inkog MCP server:
 
1. `inkog_scan` on the changed directory — resolve any CRITICAL or HIGH finding.
2. `inkog_verify_governance` if AGENTS.md is present — governance declarations
   must match actual code behavior.
3. `inkog_audit_a2a` if this is a multi-agent system — delegation must be
   authenticated and bounded.
 
For any finding, use `inkog_explain_finding` to understand the risk before
applying a fix.

Cursor .cursor/rules snippet

# Inkog MCP security rules
 
When the user asks you to build or modify AI agent code, proactively:
 
- Call `inkog_scan` after writing new tool definitions, agent classes, or
  delegation logic.
- Call `inkog_verify_governance` if the project has an `AGENTS.md` file.
- Call `inkog_explain_finding` before proposing a fix for any non-trivial
  security finding.
 
Do not bypass CRITICAL findings. Offer to fix them inline.

Available Tools

When you install the Inkog MCP server, you get access to 7 security tools:

Installation

{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": {
        "INKOG_API_KEY": "sk_live_your_api_key"
      }
    }
  }
}

{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": {
        "INKOG_API_KEY": "sk_live_your_api_key"
      }
    }
  }
}

npx -y @inkog-io/mcp

npm install -g @inkog-io/mcp
inkog-mcp

Getting Your API Key

Tool Reference

inkog_scan

Scan AI agent code for security vulnerabilities.

{
  "path": "/path/to/your/agent",
  "policy": "balanced",
  "output": "summary"
}

Arguments:

• path (required): File or directory path to scan
• policy (optional): low-noise, balanced, comprehensive, governance, eu-ai-act
• output (optional): summary, detailed, sarif

Example prompts:

• “Scan my LangChain agent for vulnerabilities”
• “Check this agent for prompt injection risks”
• “Run a comprehensive security scan on ./my-agent”

inkog_verify_governance

Validate that AGENTS.md declarations match actual code behavior. This is Inkog’s unique capability - no other tool does governance verification.

{
  "path": "/path/to/your/agent"
}

Arguments:

• path (required): Path to directory containing AGENTS.md and agent code

Example prompts:

• “Verify my agent’s governance declarations”
• “Check if my AGENTS.md matches the code”
• “Validate governance for ./my-crewai-agent”

inkog_compliance_report

Generate compliance reports for regulatory frameworks.

{
  "path": "/path/to/your/agent",
  "framework": "eu-ai-act",
  "format": "markdown"
}

Arguments:

• path (required): Path to scan
• framework (optional): eu-ai-act, nist-ai-rmf, iso-42001, owasp-llm-top-10, all
• format (optional): markdown, json, pdf

Example prompts:

• “Generate an EU AI Act compliance report”
• “Check OWASP LLM Top 10 compliance for my agent”
• “Create a NIST AI RMF report”

inkog_explain_finding

Get detailed explanation and remediation guidance for a security finding.

{
  "pattern": "prompt-injection"
}

Arguments:

• finding_id (optional): Finding ID from scan results
• pattern (optional): Pattern name like prompt-injection, infinite-loop, token-bombing

Example prompts:

• “Explain how to fix prompt injection vulnerabilities”
• “What is token bombing and how do I prevent it?”
• “Tell me about the infinite-loop vulnerability”

inkog_audit_mcp_server

Security audit any MCP server from the registry or GitHub.

{
  "server_name": "github"
}

Arguments:

• server_name (optional): MCP server name from registry (e.g., github, slack, postgres)
• repository_url (optional): Direct GitHub repository URL

Example prompts:

• “Audit the GitHub MCP server for security issues”
• “Check if the Slack MCP server is safe to use”
• “Security review https://github.com/some/mcp-server ”

inkog_generate_mlbom

Generate a Machine Learning Bill of Materials listing all AI components.

{
  "path": "/path/to/your/agent",
  "format": "cyclonedx"
}

Arguments:

• path (required): Path to agent codebase
• format (optional): cyclonedx, spdx, json
• include_vulnerabilities (optional): Include known CVEs (default: true)

Example prompts:

• “Generate an MLBOM for my AI project”
• “Create a CycloneDX bill of materials”
• “List all AI components and their vulnerabilities”

inkog_audit_a2a

Audit Agent-to-Agent communications for security risks in multi-agent systems. This is Inkog’s unique capability - no other tool detects multi-agent delegation vulnerabilities.

{
  "path": "/path/to/your/multi-agent-system",
  "protocol": "auto-detect"
}

Arguments:

• path (required): Path to multi-agent codebase
• protocol (optional): a2a, crewai, langgraph, autogen, custom
• check_delegation_chains (optional): Check for infinite loops (default: true)

What it detects:

• Infinite delegation loops - Agent A delegates to B, B back to A
• Privilege escalation - Low-trust agent gains high-trust capabilities
• Unauthorized handoffs - Agents delegating to unapproved external agents
• Missing audit trails - No logging of inter-agent communication

Example prompts:

• “Audit my CrewAI crew for delegation loops”
• “Check for privilege escalation in my multi-agent system”
• “Analyze the agent topology in ./my-agents”
• “How many agents are in my CrewAI project?”

Sample output:

A2A SECURITY AUDIT
══════════════════════════════════════════════════════════════

AGENTS DETECTED (4)
┌─────────────────────────────────────────────────────────────┐
│ Research Specialist                                         │
│   Tools: search_tool, web_scraper                          │
│   Delegation: ENABLED                                       │
├─────────────────────────────────────────────────────────────┤
│ Industry Analyst                                            │
│   Tools: analysis_tool                                      │
│   Delegation: ENABLED                                       │
├─────────────────────────────────────────────────────────────┤
│ Meeting Strategy Advisor                                    │
│   Tools: calendar_tool                                      │
│   Delegation: ENABLED                                       │
├─────────────────────────────────────────────────────────────┤
│ Briefing Coordinator                                        │
│   Tools: (none)                                            │
│   Delegation: DISABLED (terminal)                           │
└─────────────────────────────────────────────────────────────┘

FINDINGS: 1 warning (potential delegation chain)

Recommended Workflow for AI Agent Development

Use Inkog throughout the development lifecycle — not just as a deployment gate:

1. Start building your agent (LangChain, CrewAI, AutoGen, etc.)
2. Use inkog_scan to check for vulnerabilities as you code — catch infinite loops, prompt injection, and missing guardrails early
3. Use inkog_explain_finding to understand and fix issues — get step-by-step remediation with code examples
4. Add AGENTS.md and verify with inkog_verify_governance — ensure your governance declarations match actual code behavior
5. Generate compliance report with inkog_compliance_report — map findings to EU AI Act, NIST AI RMF, OWASP LLM Top 10
6. Add Inkog to CI/CD — use inkog-io/inkog@v1 GitHub Action to gate PRs on security findings

Configuration

Environment variables for advanced configuration:

Troubleshooting

Verify Installation

Test that the MCP server is working by asking your AI assistant:

“Use Inkog to scan this directory for vulnerabilities”

If properly configured, the assistant will use the inkog_scan tool.

Debug Mode

Enable debug logging by setting:

{
  "env": {
    "INKOG_LOG_LEVEL": "debug"
  }
}

Source Code

The Inkog MCP Server is open source (Apache 2.0):

• GitHub: github.com/inkog-io/inkog-mcp 
• npm: @inkog-io/mcp 

Related