Dev-flow security companion

Build secure AI agents with Claude, Cursor, and Claude Code

Connect the Inkog MCP server and get a security second-opinion as you code. Ask your AI assistant to scan, explain, and fix findings — without leaving the conversation.

$ npx -y @inkog-io/mcp
Get a free API keyView on GitHub

Security as a conversation, not a post-hoc check

Traditional scanners run after the code is written. Inkog MCP runs while you and the AI are still deciding what to build — so insecure patterns never land in the first place.

Scan during development

Ask your assistant to scan the current workspace. Findings come back in the same chat, with file paths and severity.

Explain & fix in-flow

Ask Claude to explain any finding and apply the fix. No context switching between terminal, browser, and IDE.

Verify governance before shipping

Before you merge, ask Inkog to verify your AGENTS.md actually matches the code. No other tool does this.

Things to ask Claude once Inkog is connected

The assistant picks the right Inkog tool for each request. No flags to memorize, no manual CLI invocation.

Scan this agent for security vulnerabilities before I ship it.

Runs inkog_scan on your workspace and returns findings with severity, location, and fix guidance.

Explain why this finding is a problem and how to fix it.

Calls inkog_explain_finding to get a plain-language walkthrough and remediation patch.

Verify my AGENTS.md actually matches what the code does.

Runs inkog_verify_governance to check declared oversight, authorization, and audit claims against the implementation.

Audit the MCP servers I'm about to install for tool poisoning.

Runs inkog_audit_mcp_server against any MCP server in the registry — before you add it to your config.

Generate an EU AI Act Article 14 compliance report for this project.

Runs inkog_compliance_report and returns a structured report mapped to Articles 12, 14, and 15.

Two capabilities you won't find anywhere else

The Inkog MCP ships ten tools. Two of them solve problems no other scanner, linter, or security platform can answer today.

AGENTS.md governance verification

inkog_verify_governance reads your AGENTS.md and checks whether the declared human oversight, authorization controls, and audit trails actually exist in the code. Claims without implementation get flagged.

EU AI Act Article 14 evidence in one call.

Multi-agent delegation auditing

inkog_audit_a2a traces how work flows between agents in CrewAI, AutoGen, LangGraph, and ADK projects — and flags delegations that bypass authentication, skip authorization, or leak privileges.

Catches CWE-345 and confused deputy across agents.

Install in 60 seconds

Pick your client. The package is the same in every case: @inkog-io/mcp.

Claude Desktop

{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": { "INKOG_API_KEY": "sk_live_..." }
    }
  }
}

Add to ~/Library/Application Support/Claude/claude_desktop_config.json

Cursor

{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": { "INKOG_API_KEY": "sk_live_..." }
    }
  }
}

Add to ~/.cursor/mcp.json (or project-level .cursor/mcp.json)

Claude Code

claude mcp add inkog \
  --env INKOG_API_KEY=sk_live_... \
  -- npx -y @inkog-io/mcp

Run in your terminal. The Inkog tools become available in every session.

Learn more

Audit third-party MCP serversCrewAI multi-agent authenticationFree tier & pricing

Ship secure agents, conversationally

Free tier. No credit card. Install the MCP server, connect your API key, and ask your AI assistant to scan your first agent.

Start freeSource & docs