MCP capabilities and use cases | Fluid Attacks Help

Capabilities and use cases of the MCP

Some of the capabilities of our MCP are available to everyone (no authentication required), while others are available only for authenticated users (API token required).
Idea
Tips:
  1. Start chats with a mention of Fluid Attacks' API (e.g., "Using Fluid Attacks' API, [...]").
  2. Always specify whether your requests are at the group or the organization level.
  3. For requests at the group level, specify the name of the organization as well.

Analytics and reporting

Get organization analytics

Tool: get_organization_analytics
What it does: Shows security trends and metrics for your entire organization.

When to use:

  1. Monthly security reviews
  2. Executive reporting
  3. Tracking security improvement over time

Examples of requests:

  1. "Show me our ORGANIZATION_NAME's security risk trend for the last quarter."
  2. "How has our vulnerability count changed over time in the group GROUP_NAME?"
Notes
API token required.

Get group analytics

Tool: get_group_analytics

What it does: Shows security trends and metrics for a specific group/project.

When to use:

  1. Project-specific security reviews
  2. Sprint planning
  3. Tracking remediation progress

Examples of requests:

  1. "Show the security trend for the group GROUP_NAME."
  2. "How many vulnerabilities were fixed in the group GROUP_NAME this month?"
  3. "What's the distribution of vulnerabilities in the group GROUP_NAME?"
Notes
API token required.

Vulnerability discovery and management

Find weaknesses in a group

Tool: fetch_group_weaknesses

What it does: Lists types of security issues (e.g., SQL Injection, XSS) found in your projects.

When to use:

  1. Understanding what types of vulnerabilities you have
  2. Planning targeted security training
  3. Prioritizing remediation efforts

Examples of requests:

  1. "What types of vulnerabilities exist in the group GROUP_NAME?"
  2. "Show me all critical security weaknesses in the group GROUP_NAME."
  3. "List SQL injection findings across my groups."
Notes
API token required.

Find specific vulnerabilities

Tool: fetch_weakness_vulnerabilities

What it does: Lists exact instances of vulnerabilities with their locations in your code.

When to use:

  1. Assigning fixes to developers
  2. Tracking specific security issues
  3. Understanding where problems exist in your code

Examples of requests:

  1. "Show me all XSS vulnerabilities in the frontend code repo for the group GROUP_NAME."
  2. "List untreated vulnerabilities by priority for the group GROUP_NAME."
  3. "What vulnerabilities are in the authentication module of the group GROUP_NAME?"
Notes
API token required.

Get vulnerability details

Tool: get_vulnerability_details

What it does: Shows complete information about a specific vulnerability.

When to use:

  1. Investigating a security issue
  2. Understanding how to fix a vulnerability
  3. Reviewing a vulnerability before closing it

Examples of requests:

  1. "Show me details for vulnerability VULNERABILITY_UUID."
  2. "What's the full information on the SQL injection in login.py for the group GROUP_NAME?"
Notes
API token required.

Get a vulnerability report

Tool: get_group_weaknesses_report

What it does: Creates a comprehensive report grouping vulnerabilities by type.

When to use:

  1. Security audits
  2. Compliance reporting
  3. Sprint planning meetings
  4. Management presentations

Examples of requests:

  1. "Generate a vulnerability report for the ProductionAPI group."
  2. "Show me a report of all open security issues in the group GROUP_NAME."
  3. "Create a summary of vulnerabilities by severity in the group GROUP_NAME."
Notes
API token required.

Get a vulnerability overview

Tool: get_group_weaknesses_overview

What it does: Shows counts of vulnerabilities and weaknesses at a glance.

When to use:

  1. Quick daily status checks
  2. Dashboard creation
  3. Priority assessment

Examples of requests:

  1. "How many open vulnerabilities do we have in the group GROUP_NAME?"
  2. "Give me a vulnerability count summary for the group GROUP_NAME."
  3. "What's the current vulnerability status for the group GROUP_NAME?"
Notes
API token required.

Asset discovery (roots)

View Git repositories

Tool: get_group_git_roots

What it does: Lists source code repositories being tested for security.

When to use:

  1. Verifying what code is being scanned
  2. Finding specific repositories
  3. Ensuring all code is covered

Examples of requests:

  1. "What Git repositories are we testing?"
  2. "Show me all code repositories for the group GROUP_NAME."
  3. "Is the frontend repository being scanned?"
Notes
API token required.

View IP addresses

Tool: get_group_ip_roots

What it does: Lists applications and services accessible via IP addresses being tested. 

When to use:

  1. Black-box testing scope verification
  2. Network security assessment
  3. Infrastructure testing

Examples of requests:

  1. "What IP addresses are we scanning?"
  2. "Show me all tested network endpoints."
  3. "List IPs being tested for the WebApp group."
Notes
API token required.

View URLs

Tool: get_group_url_roots

What it does: Lists live websites and web applications being tested.

When to use:

  1. Verifying production testing scope
  2. Web application security assessment
  3. Ensuring all environments are covered

Examples of requests:

  1. "What websites are we testing?"
  2. "Show me all URLs for the E-commerce project."
  3. "List production environments being scanned."
Notes
API token required.

View vulnerabilities by root

Tool: fetch_group_root_vulnerabilities

What it does: Shows vulnerabilities found in a specific repository, IP, or URL.

When to use:

  1. Repository-specific security review
  2. Assigning work to teams responsible for specific assets
  3. Understanding security issues in one part of your infrastructure

Examples of requests:

  1. "What vulnerabilities are in the main-app repository?"
  2. "Show me security issues for the production URL."
  3. "List vulnerabilities found in the API server IP."
Notes
API token required.

Security scanning

Run SCA scanner

Tool: run_sca_scanner
What it does: Provides instructions to scan your project dependencies for known vulnerabilities.

When to use:

  1. After adding new dependencies
  2. Before releasing new versions
  3. Regular security audits of libraries

Examples of requests:

  1. "How do I scan my dependencies?"
  2. "Run an SCA scan on this project."
  3. "Check my npm packages for vulnerabilities."

What it scans:

  1. Package.json and lock files
  2. Requirements.txt and poetry files
  3. Composer.json
  4. pom.xml and gradle files
  5. Any dependency management files

Run SAST scanner

Tool: run_sast_scanner

What it does: Provides instructions to scan your source code for security vulnerabilities.

When to use:

  1. After writing new code
  2. Before code reviews
  3. Pre-deployment security checks

Examples of requests:

  1. "How do I scan my code for vulnerabilities?"
  2. "Run a SAST scan on the authentication module."
  3. "Check my Python code for security issues."

What it finds:

  1. SQL injection
  2. Cross-site scripting (XSS)
  3. Security misconfigurations
  4. Hardcoded secrets
  5. Insecure cryptography
  6. And 100+ other vulnerability types

Run both scanners

Tool: run_sca_and_sast_scanners

What it does: Provides instructions to run SAST and SCA scans together.

When to use:

  1. Comprehensive security assessment
  2. Pre-production security gate
  3. Weekly security checks

Examples of requests:

  1. "Run a complete security scan."
  2. "Scan both my code and dependencies."
  3. "Do a full security assessment."
NotesNo authentication required. However, Docker is required to run the scanners. See "Install Docker to run scanners" for more information.

DevSecOps integration

View CI/CD security results

Tool: get_devsecops_agent_executions

What it does: Shows results from automated security scans in your development pipeline.

When to use:

  1. Checking build status
  2. Investigating failed security gates
  3. Monitoring automation effectiveness

Examples of requests:

  1. "How many builds failed security checks this week for the group GROUP_NAME?"
  2. "What was the result of the last Forces execution for the group GROUP_NAME?"
Notes
API token required.

View unsolved events

Tool: get_unsolved_events

What it does: Lists security incidents and situations requiring attention.

When to use:

  1. Daily incident review
  2. Security event management
  3. Prioritizing urgent issues

Examples of requests:

  1. "What security events need my attention?"
  2. "Show me unsolved incidents."
  3. "List open security events."
Notes
API token required.

Knowledge Base/Documentation

Search articles

Tool: search_related_articles

What it does: Searches Fluid Attacks' security knowledge base for relevant information.

When to use:

  1. Learning about vulnerability types
  2. Finding remediation guidance
  3. Understanding security concepts

Examples of requests:

  1. "How to configure the SCA scanner to run on Azure DevOps?"
  2. "What is cross-site scripting?"

Topics covered:

  1. Vulnerability explanations
  2. Remediation guides
  3. Security best practices
  4. Platform usage instructions
  5. Compliance guidance
Notes
No authentication required.

Specialized prompts

The implementation of our MCP includes the following specialized prompts, which are designed to help AI agents perform security-related tasks:

run_sca

Pass the instructions to run the SCA scanner to the LLM.
Usage: /fluidattacks-mcp/run_sca

run_sast

Pass the instructions to run the SAST scanner to the LLM.
Usage: /fluidattacks-mcp/run_sast

run_sca_and_sast

Pass the instructions to run the SCA and SAST scanners to the LLM.
Usage: /fluidattacks-mcp/run_sca_and_sast

get_technology_based_remediation_strategy

Pass the technology-specific remediation guidance to the LLM.
Usage: /fluidattacksmcp/get_technology_based_remediation_strategy
Notes
This is the only prompt that requires an API token.

configure_github_sca_integration

Pass the instructions to configure the SCA scanner to run on GitHub Actions to the LLM.
Usage: /fluidattacks-mcp/configure_github_sca_integration

configure_github_sast_integration

Pass the instructions to configure the SAST scanner to run on GitHub Actions to the LLM.
Usage: /fluidattacks-mcp/configure_github_sast_integration

configure_agents_md

Configure the AGENTS.md file in the project root directory.
Usage: /fluidattacks-mcp/config_agents_md

How to use these prompts

To use Fluid Attacks MCP prompts, you start by typing the command name in the chat of your AI agent. For example, to configure the AGENTS.md file, you would type: /fluidattacks-mcp/config_agents_md

Commands to use Fluid Attacks MCP prompts

Select the command you want to use and press Enter.
Idea
Tip: Have an idea to simplify our architecture, or noticed docs that could use some love? Don't hesitate to open an issue or submit improvements.