playbooks

home / mcp / security context mcp server

Security Context MCP Server

Provides fast, offline-capable access to authoritative security guidance from OWASP, NIST, AWS, Google Cloud, SANS, CIS, and more.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "abreed05-cybersecurity-mcp": {
      "command": "node",
      "args": [
        "/path/to/security-mcp/dist/index.js"
      ]
    }
  }
}

You run a self-contained MCP server that gives you fast access to authoritative security guidance from top sources. It caches and indexes documentation locally, so you can search and retrieve relevant guidance even when you’re offline.

How to use

You use an MCP client to connect to the Security Context MCP Server. Once connected, you can search across security documentation, request comprehensive context on a topic from multiple sources, and list available sources. The server serves responses from its local index, providing fast results and offline capability.

Practical workflows you can perform include combining guidance from multiple sources for a topic, exploring frameworks like NIST CSF and AWS Well-Architected, and drilling into specific OWASP Top 10 categories. You can also see which sources are available and fetch new content when needed.

How to install

Prerequisites: you need Node.js installed on your system.

npm install
npm run build

Initial setup downloads and indexes security documentation for fast semantic search.

npm run fetch-docs

The fetch process downloads documentation, indexes it for fast search, and caches everything locally at ~/.security-mcp/.

Configuration and runtime

To run the MCP server locally, configure your MCP client with one of the following runtime options.

{
  "mcpServers": {
    "security_context": {
      "command": "node",
      "args": ["/path/to/security-mcp/dist/index.js"]
    }
  }
}

Additional sections

If you prefer a zero-setup approach, you can install a global command that runs the MCP server directly. This provides a simple entry point to connect your MCP client without referencing a local script path.

{
  "mcpServers": {
    "security_context": {
      "command": "security-mcp"
    }
  }
}

Usage notes and file locations

The server caches documentation locally for quick access. The cache location is ~/.security-mcp/ and the indexed data is stored in ~/.security-mcp/documents.json.

Available tools

search_security_docs

Search across all security documentation using natural language and return relevant results.

get_security_context

Retrieve comprehensive context on a topic from multiple sources, aggregating information from all relevant sources.

list_security_sources

List all available documentation sources and their categories.

get_owasp_top10

Get specific OWASP Top 10 vulnerability information by category.