Security Context MCP Server

An MCP (Model Context Protocol) server that provides instant access to authoritative security documentation from OWASP, NIST, AWS, Google Cloud, SANS, CIS, and other cybersecurity authorities. Think of it as having a security expert at your fingertips.

Features

• Comprehensive Security Knowledge Base: Aggregates documentation from multiple authoritative sources
• Semantic Search: Find relevant security guidance using natural language queries
• Local Caching: Fast, offline-capable access to indexed documentation
• Multiple Security Domains:
  • OWASP Top 10, Cheat Sheets
  • NIST Cybersecurity Framework, SP 800-53, SP 800-171, Zero Trust
  • AWS Security Best Practices, Well-Architected Framework
  • Google Cloud Security, BeyondCorp Zero Trust
  • SANS/CWE Top 25, CIS Controls
  • CIS Benchmarks

Installation

npm install
npm run build

Initial Setup

Before using the MCP server, fetch and index the security documentation:

npm run fetch-docs

This will:

1. Download documentation from all configured sources
2. Index the content for fast semantic search
3. Cache everything locally in ~/.security-mcp/

The fetch process takes 2-5 minutes depending on your internet connection. You only need to run this once, or periodically to update the documentation.

Usage

As an MCP Server

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "security-context": {
      "command": "node",
      "args": ["/path/to/security-mcp/dist/index.js"]
    }
  }
}

Or if installed globally:

{
  "mcpServers": {
    "security-context": {
      "command": "security-mcp"
    }
  }
}

Available Tools

Once configured, Claude will have access to these tools:

1. search_security_docs

Search across all security documentation using natural language.

Example queries:

• "How do I prevent SQL injection?"
• "What are AWS IAM best practices?"
• "Explain zero trust architecture"
• "NIST incident response guidelines"

Parameters:

• query (required): Your security question or topic
• limit (optional): Max results (default: 5)
• source (optional): Filter to specific source (OWASP, NIST, AWS, Google, SANS, CIS)

2. get_security_context

Get comprehensive context on a topic from multiple sources.

Example:

{
  "topic": "authentication best practices"
}

Returns aggregated information from all relevant sources.

3. list_security_sources

List all available documentation sources and their categories.

4. get_owasp_top10

Get specific OWASP Top 10 vulnerability information.

Parameters:

• category (optional): Specific category like "A01:2021 - Broken Access Control"

Examples

Example 1: Finding Security Guidance

User: "How should I secure my AWS S3 buckets?"

Claude (using search_security_docs):

Found relevant guidance from AWS Security Best Practices:

• Enable S3 Block Public Access by default
• Use IAM roles and policies for access control
• Enable versioning and Object Lock
• Implement bucket encryption [... detailed results with links ...]

Example 2: Understanding Frameworks

User: "What is NIST CSF and how do I use it?"

Claude (using get_security_context):

The NIST Cybersecurity Framework provides structured approach to managing risk... [Shows information from multiple NIST sources about CSF functions, implementation tiers, and profiles]

Example 3: Vulnerability Research

User: "Tell me about the latest OWASP Top 10"

Claude (using get_owasp_top10):

OWASP Top 10 2021 includes:

1. A01:2021 - Broken Access Control
2. A02:2021 - Cryptographic Failures [... detailed information about each category ...]

Architecture

Components

• MCP Server (src/index.ts): Main server implementing MCP protocol
• Vector Store (src/vector/simple-store.ts): TF-IDF based search with local caching
• Document Sources (src/sources/): Fetchers for each security authority
• Document Fetcher (src/fetcher.ts): Orchestrates downloading and indexing

Data Flow

1. Fetch Phase: npm run fetch-docs downloads documentation from sources
2. Index Phase: Content is processed and indexed with TF-IDF for semantic search
3. Cache Phase: Indexed documents saved to ~/.security-mcp/documents.json
4. Query Phase: MCP tools search the indexed cache and return relevant results

Storage

Documents are stored in: ~/.security-mcp/documents.json

To update documentation, simply run npm run fetch-docs again.

Customization

Adding New Sources

Create a new source in src/sources/:

import { DocumentSource, SecurityDocument } from "../types.js";

export class CustomSource implements DocumentSource {
  name = "CustomSource";

  async fetchDocuments(): Promise<SecurityDocument[]> {
    // Fetch and return documents
    return [];
  }
}

Then add it to src/fetcher.ts:

import { CustomSource } from "./sources/custom.js";

const sources = [
  // ... existing sources
  new CustomSource(),
];

Upgrading to Vector Embeddings

The current implementation uses TF-IDF for simplicity and zero external dependencies. For better semantic search, you can upgrade to proper embeddings:

1. Replace SimpleVectorStore with a real vector DB (ChromaDB, Pinecone, Weaviate)
2. Add embedding generation using:
   • OpenAI embeddings API
   • Local models via Sentence Transformers
   • Anthropic's Claude API

Updating Documentation

Security documentation changes frequently. Update your cache periodically:

npm run fetch-docs

Consider setting up a cron job to update weekly:

# Run every Sunday at 2am
0 2 * * 0 cd /path/to/security-mcp && npm run fetch-docs

Technical Details

Technologies Used

• MCP SDK: Official Model Context Protocol implementation
• TypeScript: Type-safe development
• Axios & Cheerio: Web scraping and HTML parsing
• Natural: NLP and TF-IDF search
• PDF Parse: PDF document processing (for future enhancements)

Performance

• Initial fetch: 2-5 minutes
• Index size: ~2-5 MB (for all sources)
• Search latency: <100ms (local cache)
• Memory usage: ~50-100 MB

Limitations

• Web scraping may break if source websites change structure
• TF-IDF is simpler than embedding-based search
• No automatic update mechanism (manual refresh required)
• English language only

Troubleshooting

Documents not found

Run the fetcher to download documentation:

npm run fetch-docs

Server not connecting

Check your MCP configuration in Claude Desktop and ensure the path is correct.

Fetch errors

Some sources may be temporarily unavailable. The fetcher continues with other sources even if one fails.

Empty results

Try different query phrasings or use list_security_sources to see what's available.

Contributing

To add more security sources:

1. Create a new source file in src/sources/
2. Implement the DocumentSource interface
3. Add the source to src/fetcher.ts
4. Submit a pull request

Potential sources to add:

• Microsoft Security Best Practices
• Azure Security
• PCI DSS guidelines
• HIPAA security rules
• ISO 27001/27002
• SOC 2 requirements

License

MIT

Security & Privacy

• All documentation is cached locally
• No external API calls during query time
• No telemetry or data collection
• Open source and auditable

Support

For issues or questions:

• File an issue on GitHub
• Check the documentation
• Review the source code

---

Built with ❤️ for the security community