@aikidosec/mcp
community · unknown · npm · write capable · healthy
Aikido MCP server
49 / 100
01 Tools · 4
| Tool | Risk | Side effects | Approval |
|---|---|---|---|
| aikido_ignore_issue
Tool to ignore a security issue from Aikido feed.
WHEN TO CALL THIS TOOL
- The user wants to ignore a security issue from the Aikido feed.
- The user provides the issue ID and the reason for ignoring the issue.
| unknown | unknown | unknown |
| aikido_issues_list
Tool to fetch security issues from Aikido feed.
WHEN TO CALL THIS TOOL
- The user asks to list, show, count, or summarize Aikido security issues from the aikido feed.
- The user can scope the issues to a specific cloud name, repo name, vm name, domain name, container name, team name or workspace name.
- The user can scope the issues of a repository to a specific branch name
- You are about to triage or fix security issues and need the current issue set.
OUTPUT FORMATTING EXAMPLE:
Issue #1: <issue_title>
- ID: <issue_id>
- Issue type: <issue_type>
- Severity: <issue_severity> (<issue_severity_label>)
- Remediation: <issue_remediation>
| write | true | unknown |
| aikido_full_scan
Runs an Aikido SAST and Secrets scan locally on provided code files returns the findings in JSON format.
Files should be provided as paths relative to the root of the workspace or repository (Unix-style paths).
If this is not possible, just the filename should be given.
There is a limit of 50 files that can be scanned in a single request. If you need to scan more files, you can do multiple requests.
If a repository name is provided, it will be used to identify the repository in the Aikido platform.
Only pass a repository name if the files are actually coming from a repository - do not provide a repository name for standalone files or files from a local workspace that is not part of a repository.
Use this tool when you need to:
- scan code files for SAST vulnerabilities
- scan code files for Secrets vulnerabilities
| unknown | unknown | unknown |
| aikido_login
Starts the Aikido sign-in flow. Returns region-specific sign-in URLs for the user
to open in their browser, OR confirms the user is already signed in.
WHEN TO CALL THIS TOOL
- The user explicitly asks to sign in, log in, authenticate, or connect to Aikido.
- The user asks to switch Aikido accounts or re-authenticate. Pass
`force_reauth: true` so the sign-in flow starts even if a token is already cached.
- An earlier Aikido tool returned "ACTION REQUIRED — Aikido sign-in" and the user
now wants to complete that sign-in.
- The user pastes a token they copied from the Aikido sign-in modal (a fallback for when
browser couldn't deliver the token automatically). Pass the value verbatim as the `token` argument.
NEVER fabricate the `token` value. Only pass it when the user supplies an
explicit string they copied from the Aikido UI.
RESPONSE
- If a `token` was passed: a short confirmation that the token was stored, or
an error if it didn't look like a valid Aikido token.
- If already signed in and `force_reauth` is not set: a short confirmation
message. Continue with whatever the user actually wanted.
- If sign-in is needed (or `force_reauth` was set): three region-specific URLs
(EU / US / ME) plus instructions. The URLs contain a one-time `state` token
and `redirect_uri` that MUST be passed through verbatim — do not strip query
parameters when showing them to the user.
| write | true | unknown |
02 Install & source
npx -y @aikidosec/mcp
npx
03 Access granted
Manage GitHub · write
The access this server can exercise, inferred from its verified tools — not a declared OAuth scope.
04 Trust reasoning
- 0 · Community server · official_status
- -3 · No clear license · license
- -3 · Exposes write tools · tool_risk
- +10 · MCP handshake verified · verification
- +5 · tools/list verified · verification
05 Provenance & freshness
sources: npm registry [p4]
last_checked: 2026-07-01 07:52Z
next_check: 2026-07-03 07:30Z
cadence: every 48h
verified: tools_list:passed handshake:passed metadata:passed metadata:passed metadata:passed metadata:passed metadata:failed
index_status: index — 6 unique facts >= 5