Miggo MCP Server

Query Miggo's Application Detection and Response platform for vulnerabilities, findings, services, endpoints, dependencies, and third-party integrations via natural language.

Security · by Miggo Security · API Key · active

Overview

The Miggo MCP server is the official integration from Miggo Security, exposing the company's Application Detection and Response (ADR) platform to AI assistants like Claude Desktop, Cursor, VS Code Copilot, and JetBrains IDEs. It lets engineers and security teams query live application security context (vulnerabilities, runtime findings, services, endpoints, dependencies, and third-party integrations) using natural language instead of clicking through the Miggo dashboard.

The server is built on FastMCP and registers a read-only set of search, get, count, and facet tools across six core domains (services, endpoints, third parties, findings, vulnerabilities, dependencies) plus a project metadata tool. All tools are annotated as non-destructive and idempotent, so they are safe for agents to call freely during investigation workflows like CVE impact assessment, risk prioritization, or auditing internet-facing endpoints.

The repo is published by the official miggo-io GitHub organization under the MIT license. It is distributed as a Python package runnable via uvx, and Claude Desktop users can install a pre-built .mcpb bundle from the GitHub Releases page. Authentication uses a MIGGO_PUBLIC_TOKEN generated in the Miggo Integrations portal.

Tools

| Tool | Description |
|---|---|
| services_search | Search services in the Miggo inventory with filters and sorting. |
| services_get | Fetch a single service by ID. |
| services_count | Count services matching a filter. |
| services_facets | Return facet values for the services collection. |
| endpoints_search | Search endpoints (including internet-facing ones) with filters and sorting. |
| endpoints_get | Fetch a single endpoint by ID. |
| endpoints_count | Count endpoints matching a filter. |
| endpoints_facets | Return facet values for the endpoints collection. |
| third_parties_search | Search detected third-party integrations. |
| third_parties_get | Fetch a single third-party integration by ID. |
| third_parties_count | Count third-party integrations matching a filter. |
| third_parties_facets | Return facet values for the third parties collection. |
| findings_search | Search security findings with filters and sort (defaults to risk desc). |
| findings_get | Fetch a single finding by ID. |
| findings_count | Count findings matching a filter. |
| findings_facets | Return facet values for the findings collection. |
| vulnerabilities_search | Search vulnerabilities and CVEs with filters and sorting. |
| vulnerabilities_get | Fetch a single vulnerability/CVE by ID. |
| vulnerabilities_count | Count vulnerabilities matching a filter. |
| vulnerabilities_facets | Return facet values for the vulnerabilities collection. |
| dependencies_search | Search application dependencies. |
| dependencies_get | Fetch a single dependency by ID. |
| dependencies_count | Count dependencies matching a filter. |
| dependencies_facets | Return facet values for the dependencies collection. |
| project_get | Retrieve project metadata for the authenticated Miggo workspace. |

Setup Guide

Prerequisites

  • An active Miggo account
  • An API token from the Miggo Integrations portal
  • uv package manager on your system PATH (Claude Desktop bundles its own uv)

Claude Desktop

Download the latest .mcpb bundle from the releases page, open it for automatic installation, then paste your API token when prompted.

Cursor

{
  "mcpServers": {
    "miggo": {
      "command": "uvx",
      "args": ["--from", "git+https://github.com/miggo-io/miggo-mcp", "miggo-mcp"],
      "env": {
        "MIGGO_PUBLIC_TOKEN": "<your-token>"
      }
    }
  }
}

VS Code / GitHub Copilot

Add to settings.json:

{
  "mcp": {
    "servers": {
      "miggo": {
        "command": "uvx",
        "args": ["--from", "git+https://github.com/miggo-io/miggo-mcp", "miggo-mcp"],
        "env": {
          "MIGGO_PUBLIC_TOKEN": "<your-token>"
        }
      }
    }
  }
}

JetBrains IDEs

Go to Settings → Tools → AI Assistant → MCP Servers and add the same configuration as above.

Environment Variables

| Variable | Required | Default | Purpose |
|---|---|---|---|
| MIGGO_PUBLIC_TOKEN | Yes | | API authentication credential |
| MIGGO_PUBLIC_API_URL | No | https://api-beta.miggo.io | API endpoint |
| MIGGO_PUBLIC_DEFAULT_TAKE | No | 10 | Page size (max 50) |
| MIGGO_PUBLIC_DEFAULT_SKIP | No | 0 | Pagination offset |
| MIGGO_PUBLIC_DEFAULT_SORT | No | risk,desc | Default sort order |

Use Cases

  • Triage a new CVE by asking the agent whether any running service is affected and which endpoints expose the vulnerable code path.
  • Build a daily security stand-up briefing that pulls top findings sorted by risk and summarizes them with affected services.
  • Audit all internet-facing endpoints and surface those with critical or high severity findings.
  • Inventory third-party integrations used across applications to support vendor risk reviews.
  • Generate a dependency report for a specific service to support SBOM or compliance work.

Example Prompts

  • "Give me a security overview, what are the top risks I should address first?"
  • "Am I affected by CVE-2024-3094? Which services and endpoints are exposed?"
  • "List all my internet-facing endpoints and flag any with critical findings."
  • "Show me every third-party integration used by the payments service and any high risk findings on them."
  • "Count open findings grouped by severity for the past week and list the top 10 by risk score."

Pros

  • Official server published by Miggo under the miggo-io GitHub org, MIT licensed.
  • Comprehensive read-only coverage across six security domains with consistent search, get, count, and facet patterns (25 tools total).
  • All tools are annotated as read-only, non-destructive, and idempotent, making them safe for autonomous agent use.
  • Ships a Claude Desktop .mcpb bundle plus documented configs for Cursor, VS Code, and JetBrains.

Limitations

  • Read-only by design: no tools for remediating findings, suppressing alerts, or modifying Miggo configuration from the agent.
  • Requires a Miggo account and API token, so it is not useful without an existing paid platform subscription.
  • API currently points at a beta endpoint (api-beta.miggo.io) by default, suggesting the public API surface may still evolve.

Alternatives