
@aikidosec/mcp

community · unknown · npm · write capable · healthy

Aikido MCP server

49 / 100

01 Tools · 4

aikido_ignore_issue
Tool to ignore a security issue from Aikido feed.
WHEN TO CALL THIS TOOL
- The user wants to ignore a security issue from the Aikido feed.
- The user provides the issue ID and the reason for ignoring the issue.
Risk: unknown · Side effects: unknown · Approval: unknown

aikido_issues_list
Tool to fetch security issues from Aikido feed.
WHEN TO CALL THIS TOOL
- The user asks to list, show, count, or summarize Aikido security issues from the aikido feed.
- The user can scope the issues to a specific cloud name, repo name, vm name, domain name, container name, team name or workspace name.
- The user can scope the issues of a repository to a specific branch name
- You are about to triage or fix security issues and need the current issue set.
OUTPUT FORMATTING EXAMPLE:
Issue #1: <issue_title>
- ID: <issue_id>
- Issue type: <issue_type>
- Severity: <issue_severity> (<issue_severity_label>)
- Remediation: <issue_remediation>
Risk: write · Side effects: true · Approval: unknown

aikido_full_scan
Runs an Aikido SAST and Secrets scan locally on provided code files returns the findings in JSON format. Files should be provided as paths relative to the root of the workspace or repository (Unix-style paths). If this is not possible, just the filename should be given. There is a limit of 50 files that can be scanned in a single request. If you need to scan more files, you can do multiple requests. If a repository name is provided, it will be used to identify the repository in the Aikido platform. Only pass a repository name if the files are actually coming from a repository - do not provide a repository name for standalone files or files from a local workspace that is not part of a repository.
Use this tool when you need to:
- scan code files for SAST vulnerabilities
- scan code files for Secrets vulnerabilities
Risk: unknown · Side effects: unknown · Approval: unknown

aikido_login
Starts the Aikido sign-in flow. Returns region-specific sign-in URLs for the user to open in their browser, OR confirms the user is already signed in.
WHEN TO CALL THIS TOOL
- The user explicitly asks to sign in, log in, authenticate, or connect to Aikido.
- The user asks to switch Aikido accounts or re-authenticate. Pass `force_reauth: true` so the sign-in flow starts even if a token is already cached.
- An earlier Aikido tool returned "ACTION REQUIRED — Aikido sign-in" and the user now wants to complete that sign-in.
- The user pastes a token they copied from the Aikido sign-in modal (a fallback for when browser couldn't deliver the token automatically). Pass the value verbatim as the `token` argument.
NEVER fabricate the `token` value. Only pass it when the user supplies an explicit string they copied from the Aikido UI.
RESPONSE
- If a `token` was passed: a short confirmation that the token was stored, or an error if it didn't look like a valid Aikido token.
- If already signed in and `force_reauth` is not set: a short confirmation message. Continue with whatever the user actually wanted.
- If sign-in is needed (or `force_reauth` was set): three region-specific URLs (EU / US / ME) plus instructions. The URLs contain a one-time `state` token and `redirect_uri` that MUST be passed through verbatim — do not strip query parameters when showing them to the user.
Risk: write · Side effects: true · Approval: unknown

02 Install & source
npx -y @aikidosec/mcp
npx

03 Access granted
Manage GitHub · write

The access this server can exercise, inferred from its verified tools — not a declared OAuth scope.

04 Trust reasoning
  • 0 · Community server · official_status
  • -3 · No clear license · license
  • -3 · Exposes write tools · tool_risk
  • +10 · MCP handshake verified · verification
  • +5 · tools/list verified · verification

05 Provenance & freshness
sources: npm registry [p4]
last_checked: 2026-07-01 07:52Z
next_check: 2026-07-03 07:30Z
cadence: every 48h
verified: tools_list:passed handshake:passed metadata:passed metadata:passed metadata:passed metadata:passed metadata:failed
index_status: index · 6 unique facts >= 5

06 Badge

Show your MCPExplorer trust badge in your README.

[![MCPExplorer](https://mcpexplorer.com/badge/aikidosec-mcp.svg)](https://mcpexplorer.com/servers/aikidosec-mcp)
