MCP Integration

SwarmHawk MCP Server

Connect your AI assistant directly to your live domain security data. Ask Claude, Cursor, or any MCP-compatible tool to scan domains, surface breach risks, and explain findings — all from a single conversation.

Last updated March 2026 · MCP server: https://swarmhawk.com/api/mcp

🔒

22+

Security checks per scan

⚡

MCP tools available

🌍

Live

Always fresh — no caches

What is MCP?

The Model Context Protocol (MCP) is an open standard created by Anthropic that lets AI assistants call external tools and data sources in a structured, sandboxed way. Think of it like a USB-C port for AI: any MCP-compatible client (Claude, Cursor, Windsurf, Cline…) can plug into any MCP server and immediately gain access to its tools.

When you connect the SwarmHawk MCP server to your AI tool, the assistant can read your live scan results, query domain risk scores, and explain findings — without you having to copy-paste data in or out. The AI operates on your real, current security posture, not a stale export.

What the AI can do via MCP:

List all your domains and their current risk scores
Fetch the full scan report for any domain, including every finding
Trigger a fresh scan on demand
Get aggregate statistics across your entire portfolio
Check scanner pipeline health

🔑

Security model: The MCP server is read-mostly. Your AI assistant cannot delete domains, modify your account, or change billing. The only write action is trigger_scan, which requires explicit confirmation.

Prerequisites

Item	Required?	Where to get it
SwarmHawk API key	✓ Yes	Dashboard → Account tab → API Key
SwarmHawk Pro or higher plan	✓ Yes	Free tier does not include API access
Claude Desktop app	For Claude Desktop setup	claude.ai/download
Cursor IDE ≥ 0.42	For Cursor setup	cursor.com
Windsurf IDE	For Windsurf setup	codeium.com/windsurf
VS Code + Cline extension	For Cline setup	marketplace.visualstudio.com

Server URL & Auth

All clients point to the same server endpoint:

MCP Server URL

https://swarmhawk.com/api/mcp

Authentication is a Bearer token sent in the Authorization header, or in the apiKey / api_key field depending on the client. Your API key is available in the dashboard Account tab. Keys never expire but can be regenerated.

Setup by Client

Pick your AI tool below for the exact configuration steps.

Find your config file

Open or create claude_desktop_config.json at the path for your OS:

macOS~/Library/Application Support/Claude/claude_desktop_config.json

Windows%APPDATA%\Claude\claude_desktop_config.json

Linux~/.config/Claude/claude_desktop_config.json

Add the SwarmHawk server block

Paste the JSON below. If the file already has other MCP servers, add SwarmHawk inside the existing mcpServers object.

claude_desktop_config.json

{
  "mcpServers": {
    "swarmhawk": {
      "type": "http",
      "url": "https://swarmhawk.com/api/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Restart Claude Desktop

Quit and reopen the app. In a new conversation you should see a 🔌 icon or swarmhawk listed under connected tools. Try: "List my domains and their risk scores."

Claude.ai (web) supports MCP connections via Project settings → Connected tools. This feature is available on Claude Pro and Team plans.

Open a Project or start a new one

MCP connections are configured per-Project. Go to claude.ai → Projects → your project → Settings.

Add a connected tool

Click Connect a tool → Add custom server and enter:

URLhttps://swarmhawk.com/api/mcp

AuthBearer YOUR_API_KEY

Confirm the connection

Claude will verify the server is reachable and list the available tools. Click Connect. The tools are now available in every conversation in that Project.

Cursor supports MCP via a workspace-level .mcp.json file or global settings. Requires Cursor ≥ 0.42.

Create .mcp.json in your project root

.mcp.json

{
  "servers": {
    "swarmhawk": {
      "url": "https://swarmhawk.com/api/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Enable in Cursor Settings (optional global config)

Open Cursor → Settings → MCP and toggle Enable MCP. Cursor will auto-detect the .mcp.json file. Or add the server globally so it's available in all projects.

Use in Cursor Composer

Open Composer (Cmd+I) and type "Using SwarmHawk, what's the riskiest domain in my account?" Cursor will call list_domains and return ranked results.

Windsurf (by Codeium) supports MCP via its Cascade AI feature. Configure once in Settings and the tools are available globally.

Open Windsurf Settings → Cascade → MCP Servers

Navigate to Settings → AI → Cascade → MCP Servers → Add Server.

Add SwarmHawk

Windsurf MCP config

{
  "name": "swarmhawk",
  "endpoint": "https://swarmhawk.com/api/mcp",
  "auth": {
    "type": "bearer",
    "token": "YOUR_API_KEY"
  }
}

Use in Cascade chat

Open the Cascade panel and type any security question referencing your domains. Windsurf will call SwarmHawk tools automatically.

Cline is a VS Code extension that supports MCP tools. Install Cline from the VS Code Marketplace, then configure SwarmHawk in the Cline settings JSON.

Install the Cline extension

Search for Cline in the VS Code Extension Marketplace and install it. Open the Cline panel in the sidebar.

Open Cline MCP settings

In the Cline panel, click the MCP Servers tab → Edit Config. This opens cline_mcp_settings.json.

Add SwarmHawk

cline_mcp_settings.json

{
  "mcpServers": {
    "swarmhawk": {
      "url": "https://swarmhawk.com/api/mcp",
      "apiKey": "YOUR_API_KEY"
    }
  }
}

Restart VS Code and verify

The SwarmHawk tools appear under Connected MCP Servers in the Cline panel. Toggle them on and start a conversation.

If you need to run the MCP server inside a private network or want to customize it, you can self-host the SwarmHawk MCP adapter using Python.

⚠️

Note: Self-hosting is for advanced users. The hosted server at swarmhawk-backend.onrender.com/mcp is always up-to-date and requires no maintenance on your part.

Install the MCP SDK

terminal

pip install mcp fastapi uvicorn httpx

Create your adapter

swarmhawk_mcp.py

# Minimal SwarmHawk MCP proxy
import os, httpx
from mcp.server.fastmcp import FastMCP

API = "https://swarmhawk.com/api"
KEY = os.environ["SWARMHAWK_API_KEY"]
HEADERS = {"Authorization": f"Bearer {KEY}"}

mcp = FastMCP("swarmhawk")

@mcp.tool()
async def list_domains():
    """Return all domains with risk score and scan status."""
    r = httpx.get(f"{API}/domains", headers=HEADERS)
    return r.json()

@mcp.tool()
async def get_scan_result(domain: str):
    """Full findings for a specific domain."""
    r = httpx.get(f"{API}/scan-results/{domain}", headers=HEADERS)
    return r.json()

if __name__ == "__main__":
    mcp.run(transport="sse")

Run it

terminal

SWARMHAWK_API_KEY=swh_xxx python swarmhawk_mcp.py

Then point your client to http://localhost:8000/mcp instead of the hosted URL.

All 9 MCP Tools

Once connected, your AI assistant has access to these tools. You don't call them directly — just ask a question and the AI picks the right tool automatically.

list_domains

READ

Returns all domains in your account with current risk score, scan status, and last scanned timestamp.

paramsnoneNo parameters required

returnsarrayList of domain objects with risk_score, status, last_scanned

get_scan_result

READ

Returns the full scan report for a single domain: every finding, severity, affected record, and remediation step.

domainstringe.g. "example.com"

returnsobjectrisk_score, findings[], dns_records, scan_history

get_risk_summary

READ

Aggregates your entire portfolio: total domains, average risk score, count of critical/warning/clean domains.

paramsnoneNo parameters required

returnsobjecttotal, avg_score, critical_count, clean_count

get_pipeline_status

READ

Returns the current scanner queue state: pending scans, completed today, error rate, last scan timestamp.

paramsnoneNo parameters required

returnsobjectpending, completed_today, error_rate, last_scan

trigger_scan

WRITE

Requests an immediate re-scan of a specific domain. The AI will ask you to confirm before calling this tool.

domainstringDomain to re-scan, e.g. "example.com"

returnsobjectjob_id, status: "queued"

get_findings_by_severity

READ

Filters findings across all domains by severity. Useful for getting a cross-portfolio view of all critical issues.

severitystring"critical" | "high" | "medium" | "low"

returnsarrayfindings[] with domain, message, fix

get_compliance_status

READ

Returns a compliance readiness summary for NIS2, DORA, and GDPR Article 32 based on current scan findings.

frameworkstring"nis2" | "dora" | "gdpr" (optional)

returnsobjectframework, status, gaps[], evidence[]

verify_domain_ownership

WRITE

Check whether the domain ownership verification token is in place via DNS TXT record, .well-known file, or HTML meta tag. Stores verified_at on success. Get the token first by asking "what is my verify token for example.com".

domainstringDomain to verify, e.g. "example.com"

returnsobjectverified: bool, method: "dns_txt" | "well_known" | "meta_tag"

run_authenticated_scan

WRITE

Run a security scan using a real session cookie to test authenticated surfaces: cookie security flags (HttpOnly/Secure/SameSite), authenticated page headers, and IDOR surface at common API paths. Results appear in the domain report within ~30s.

domainstringDomain to scan, e.g. "example.com"

cookiestringSession cookie string from browser DevTools

returnsobjectstatus: "scanning", results in report after ~30s

🤖

How tool selection works: You don't need to name tools in your prompt. If you ask "which of my domains are at risk?", the AI calls list_domains, filters for score > 30, and summarises. If you ask about compliance, it calls get_compliance_status. The AI chains multiple tools when needed.

Example Prompts

These prompts work across all MCP-compatible clients. The AI automatically selects the appropriate tool(s).

Security overview

💬

"Give me a security overview of all my domains. Which ones need immediate attention?"

→ calls list_domains + get_scan_result for high-risk items

💬

"What critical findings do I have across my entire portfolio right now?"

→ calls get_findings_by_severity("critical")

💬

"What's the risk score for api.example.com and what's causing it to be high?"

→ calls get_scan_result("api.example.com")

Remediation help

💬

"My domain example.com has no DMARC record. Write me the correct DNS TXT entry to add."

→ calls get_scan_result + generates fix based on findings

💬

"Walk me through fixing the top 3 issues on shop.example.com in order of priority."

→ calls get_scan_result, ranks findings, explains each fix step-by-step

Compliance

💬

"Am I NIS2-compliant based on my current scan results? What's still missing?"

→ calls get_compliance_status("nis2")

💬

"Produce a GDPR Article 32 technical measures summary I can paste into our security register."

→ calls get_compliance_status("gdpr") + formats output

Operations

💬

"Trigger a fresh scan on staging.example.com — I just deployed a config change."

→ confirms with you, then calls trigger_scan("staging.example.com")

💬

"How many domains are in the scan queue right now and when was the last scan completed?"

→ calls get_pipeline_status()

Troubleshooting

Most common cause: the config file has a JSON syntax error or the server URL has a typo. Validate the JSON at jsonlint.com. The URL must be exactly https://swarmhawk.com/api/mcp — no trailing slash.

Also check you restarted the client fully (not just closed the window) after editing the config.

Your API key is missing, malformed, or belongs to a Free tier account. Check:

The key is in the config exactly as shown in your Account tab (starts with swh_)
The header value is Bearer swh_your_key — the word "Bearer" followed by a space must be included
Your SwarmHawk plan is Pro or higher — Free accounts do not have API access

If list_domains returns an empty array, you haven't added any domains to your SwarmHawk account yet — go to the dashboard and add one. If the data looks old, trigger a fresh scan via the dashboard or ask the AI to call trigger_scan.

The backend runs on Render's free tier which spins down after 15 minutes of inactivity. The first request after a cold start takes 20–40 seconds. Subsequent requests are fast. Enterprise plans are hosted on always-on infrastructure.

This is intentional for trigger_scan (the only write operation). For read-only tools, Claude should call them without confirmation. If you're seeing confirmation prompts for reads, check your Claude Desktop or project settings — there may be a "require approval for all MCP tools" setting enabled.

MCP is designed for interactive AI use. For automated pipelines, use the REST API directly instead — it's simpler, has no AI overhead, and gives you full programmatic control. See the API section of the Knowledge Base for full documentation and code examples.

Getting Your API Key

Go to swarmhawk.com/app/ and sign in with your account.

Open the Account tab

Click the 👤 Account tab in the top dashboard navigation.

Find your API key

Scroll to the API Key section. Click Reveal to show the full key. Copy it and paste it into your MCP config in place of YOUR_API_KEY.

🔒

Never share your API key. Do not commit it to version control. Do not paste it in public chat. If it's compromised, go back to the Account tab and click Regenerate — the old key is immediately invalidated.

Last updated March 2026 · swarmhawk.com · Knowledge Base · Privacy