Vicarius vRx MCP Server
An MCP server that exposes the Vicarius vRx External Data API to AI assistants, providing 88 tools across 37 API domains for managing vulnerabilities, endpoints, patches, and more, with read-only safety enforcement.
README
Vicarius vRx MCP Server
A Model Context Protocol server that exposes the
Vicarius vRx External Data API (REST) to AI assistants. It provides 88 tools across 37
API domains — Vulnerabilities/CVEs, Endpoints (Assets), Patches & Updates, Publishers &
Products, Tasks & Events, Automations & Scripts, Users, and more — plus a generic
vrx_request escape hatch for anything not covered by a dedicated tool. The tool set is
generated directly from the vRx OpenAPI specification, so it stays faithful to the real
API surface, and the generated output is deterministic and committed.
[!IMPORTANT] Unofficial project. This is an independent, internally-built MCP server developed against Vicarius's published API documentation. It is not an official Vicarius product and is not affiliated with, endorsed by, or supported by Vicarius. "Vicarius" and "vRx" are trademarks of their respective owner. For official support of the vRx platform or the API itself, contact Vicarius directly.
[!WARNING] Beta software — not yet recommended for production. This project is under active development. The tool surface may still change between versions, and not every endpoint has been exercised against every tenant/entitlement configuration.
This server can perform destructive actions against your vRx tenant. Tools can delete assets and asset groups, create/update/delete users and invitations, modify automations and scan inputs, and update tasks. A hallucinated tool argument from your AI assistant could change your tenant configuration.
Recommended posture:
- Run read-only first. Set
VRX_READ_ONLY=trueto register only read tools and makevrx_requestreject any non-GET request. Lift it only when you need to write.- Use a vRx API key scoped to the minimum permissions your use case requires.
- Review every mutating tool call before allowing execution. Claude Desktop requires tool-call approval by default — keep that enabled.
- Treat the API key with the same care as portal admin credentials.
- The HTTP transport binds to
127.0.0.1by default. Do not expose it to the public internet without adding authentication.
Tools
88 tools across 37 API controllers (59 read + 29 mutating), plus the vrx_request escape
hatch — 89 total in full mode, 60 in read-only mode (mutating tools are not registered when
read-only). The table below groups the controllers into functional domains.
| Domain | Read | Write | Notable tools |
|---|---|---|---|
| Vulnerabilities & CVEs | 9 | 0 | vulnerability_search, vulnerability_count, endpoint_vulnerability_filter, organization_endpoint_vulnerabilities_search, vulnerability_attack_vectors_search_by_fields, vulnerability_links_search_by_fields |
| Endpoints (Assets) | 7 | 5 | endpoint_search, endpoint_attributes_search, organization_endpoint_group_search, aggregation_search_group, endpoint_delete, organization_endpoint_group_insert |
| Patches & Updates | 11 | 3 | patch_management_patch, patch_management_cve_info, organization_endpoint_patch_patch_packages_filter, organization_endpoint_external_reference_external_references_search, patch_package_search_by_fields |
| Publishers, Products & OS | 9 | 0 | organization_publisher_products_search, organization_endpoint_publisher_product_versions_search, organization_publisher_operating_systems_search, operating_system_family_search_by_fields |
| Tasks & Events | 10 | 7 | task_event_filter, task_endpoints_event_filter, incident_event_filter, task_update, task_template_insert, automation_task_templates_insert |
| Automations & Scripts | 9 | 9 | automation_search, automations_automations, script_template_search, organization_scan_input_search, automation_delete, organization_scan_input_update |
| Users & Invitations | 3 | 5 | user_search, user_invitation_search, user_invitation_insert, user_invitation_update, user_invitation_delete |
| Utilities | 1 | 0 | date_get_current_date |
See docs/ENDPOINTS.md for the full tool ↔ method ↔ path mapping (all
88 tools with their mutating flag).
Highlights:
- Search tools (
endpoint_search,vulnerability_search,organization_endpoint_group_search, …) accept an RSQLqfilter plusfrom/sizepaging — see Querying. - Filter / count tools (
*_filter,*_count) cover event streams (incident events, task events) and counts for dashboards. - Aggregation tools (
aggregation_group,aggregation_search_group) power grouped/rollup queries (e.g. count of active CVEs grouped by vulnerability). vrx_requestescape hatch issues an arbitrary request against the API for any endpoint without a dedicated tool. In read-only mode it rejects every non-GET method.- Read-only safety is enforced at two layers — mutating tools are never registered in
read-only mode, and
vrx_requestindependently refuses mutations.
Quick start
Install
# with uv (recommended)
uv tool install vrx-mcp
# or with pip
pip install vrx-mcp
This installs the vrx-mcp console script. For development from source:
git clone https://github.com/Space-C0wboy/vicarius-vrx-mcp-server
cd vicarius-vrx-mcp-server
python -m venv .venv
.venv/Scripts/python -m pip install -e ".[dev]" # Windows
# .venv/bin/python -m pip install -e ".[dev]" # macOS/Linux
Getting an API key
- In the vRx portal, go to Settings, select the api tag, then Create Integration.
- Copy the generated API key — this is your
VRX_API_KEY. - Your base URL is
https://<your-dashboard>.vicarius.cloud/vicarius-external-data-api.
Requests authenticate with the vicarius-token header (the API key value); this server
sets it for you on every request.
Configuration
Copy .env.example to .env and set:
| Variable | Required | Default | Description |
|---|---|---|---|
VRX_API_KEY |
yes | — | Your vRx API key (Settings → api → Create Integration) |
VRX_BASE_URL |
yes | — | Full API base URL, e.g. https://<dashboard>.vicarius.cloud/vicarius-external-data-api. No default — the server fails fast if unset (no tenant is hardcoded) |
VRX_AUTH_HEADER |
no | vicarius-token |
Header name carrying the API key |
VRX_READ_ONLY |
no | false |
When true, no mutating tools are registered and vrx_request rejects non-GET requests |
VRX_TIMEOUT |
no | 60 |
Request timeout in seconds |
LOG_LEVEL |
no | INFO |
Logging level (logs go to stderr) |
MCP_HTTP_HOST / MCP_HTTP_PORT |
no | 127.0.0.1:8765 |
HTTP transport bind |
Run
- stdio (default, for Claude Desktop/Code):
vrx-mcp - HTTP:
vrx-mcp --transport http --port 8765
Querying
vRx search endpoints use RSQL in the q query parameter:
| Operator | Meaning | Example |
|---|---|---|
== |
equals | endpointName=='HOST01' |
=in=(a,b,c) |
in list | endpointId=in=(101,102,103) |
=re='regex' |
regex match | vulnerabilityExternalReference.externalReferenceExternalId=re='.*(cve-2024).*' |
> / < |
compare | analyticsEventCreatedAtNano>1682913600000000000 |
Pagination: every query takes from (offset) and size. size ≤ 500 per request and
from ≤ 10,000. To page beyond offset 10,000, use seek paging: keep from=0, add a
sort (e.g. -endpointId), and add a q comparison on the last value seen
(e.g. q=endpointId<525236), repeating until the result is empty.
Response envelope: responses wrap results in a standard shape —
serverResponseResult.serverResponseResultCode ("SUCCESS"), serverResponseCount (total
matching records), and serverResponseObject (the array of records).
Rate limits: the API allows 60 queries / 60 seconds per organization scope and returns
HTTP 429 with an X-Rate-Limit-Retry-After-Seconds header when exceeded. The client
automatically retries 429s (and transient 5xx/network errors) with backoff, honoring that
header.
Read-only mode
Set VRX_READ_ONLY=true to run the server safely against production. In this mode:
- No mutating tools are registered — only the 59 read tools (+
vrx_request) are exposed. vrx_requestrejects any non-GET method, so it can only run read operations.
Read-only mode is strongly recommended for analyst-assistant, reporting, and dashboard use
cases where the model should never change tenant state. The shipped .env.example defaults to
read-only.
Editor integration
Claude Code
claude mcp add vrx \
--env VRX_API_KEY=your-key-here \
--env VRX_BASE_URL=https://your-dashboard.vicarius.cloud/vicarius-external-data-api \
--env VRX_READ_ONLY=true \
-- vrx-mcp
Claude Desktop
Edit claude_desktop_config.json:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"vrx": {
"command": "vrx-mcp",
"env": {
"VRX_API_KEY": "your-key-here",
"VRX_BASE_URL": "https://your-dashboard.vicarius.cloud/vicarius-external-data-api",
"VRX_READ_ONLY": "true"
}
}
}
}
Restart Claude Desktop, then confirm vrx appears in the tools menu.
Example prompts
- "List the first 100 assets in vRx." →
endpoint_search(from=0,size=100). - "Find the asset named HOST01." →
endpoint_search(q=endpointName=='HOST01'). - "Show me all Critical CVEs." →
vulnerability_search(q=vulnerabilitySensitivityLevel.sensitivityLevelName=='Critical'). - "Which assets are affected by CVE-2024-3094?" →
vulnerability_searchto resolve the CVE, thenendpoint_searchwith asearchQuerysjoin body onOrganizationEndpointVulnerabilities. - "List endpoints with critical missing patches." →
organization_endpoint_external_reference_external_references_search(q=...patchSensitivityLevel.sensitivityLevelName=='Critical'). - "Get attack vectors and links for a vulnerability." →
vulnerability_attack_vectors_search_by_fields/vulnerability_links_search_by_fields(q=vulnerabilityId==<id>). - "Show the recent event log." →
incident_event_filter(sort +analyticsEventCreatedAtNanorange). - "Count active CVEs grouped by vulnerability." →
aggregation_search_group. - "Call an endpoint I don't have a tool for." →
vrx_request(method,path,query,body).
How tools are generated
The tool modules are generated from the vRx OpenAPI specification:
python scripts/generate_from_openapi.py "Reference Material/api-docs.json"
This regenerates the modules under src/vrx_mcp/tools/_generated/ and the catalog at
docs/ENDPOINTS.md. The generated files are not hand-edited — to change a tool, edit the
generator (its OVERRIDES / MUTATING_OVERRIDES maps) and regenerate. Generation is
deterministic, so re-running it produces a byte-identical, reviewable diff.
The OpenAPI spec and other vRx reference material live in the Reference Material/
directory, which is gitignored (vendor/customer-proprietary material, not redistributed).
Key generator behavior:
- Operations are grouped by OpenAPI controller tag into one module per domain.
- Redundant GET/POST search twins are collapsed to a single tool (the POST/body form).
- Each operation is classified mutating (
PUT/DELETE, or a non-searchPOST) or read (GET, or a search-stylePOST); mutating tools are hidden in read-only mode.
Development
.venv/Scripts/python -m pytest # full suite (httpx fully mocked; no live calls)
.venv/Scripts/python -m ruff check . # lint
.venv/Scripts/python scripts/generate_from_openapi.py "Reference Material/api-docs.json" # regenerate
CI runs ruff + pytest on Python 3.10 / 3.11 / 3.12 (see .github/workflows/ci.yml).
Maintainers: see CONTRIBUTING.md for the release process.
License
Support
This is an unofficial, internal project. For vRx platform or API questions, contact Vicarius directly. For issues with this MCP server, open an issue on the GitHub repository.
推荐服务器
Baidu Map
百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Playwright MCP Server
一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。
Magic Component Platform (MCP)
一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。
Audiense Insights MCP Server
通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。
VeyraX
一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。
graphlit-mcp-server
模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。
Kagi MCP Server
一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。
e2b-mcp-server
使用 MCP 通过 e2b 运行代码。
Neon MCP Server
用于与 Neon 管理 API 和数据库交互的 MCP 服务器
Exa MCP Server
模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。