Install and use MCP for AI tool integration | Fluid Attacks Help

Install and use MCP for AI tool integration

Fluid Attacks' Model Context Protocol (MCP) server is a helpful software component that allows AI systems to connect and work with the Fluid Attacks platform over the Internet.

Thanks to this integration, you can query the platform using natural language without leaving your preferred AI tool. This guide explains how to install it in Cursor and Claude and provides a couple of examples.
Advice for MCP use in Claude
Tips:
  1. Start chats with a mention of Fluid Attacks' API (e.g., "Using Fluid Attacks' API,").
  2. Always specify whether your requests are at the group or the organization level.
  3. For requests at the group level, specify the name of the organization as well.

Install the runtime environment

Follow these steps to install Node.js, which is required for using Fluid Attacks' MCP server. If you already have Node.js v22 installed, simply skip to the next section according to your need.
  1. It is recommended that you install Node Version Manager (nvm), as it allows you to have different versions of Node.js and switch between them according to your current need. To install nvm, open your terminal and run the following:

    2. curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.2/install.sh | bash

    Close and reopen your terminal or run the following command to load nvm into your current session:

    \. "$HOME/.nvm/nvm.sh"

  2. Install the Node.js version 22 with the following command (v18 or higher is required):

    3. nvm install 22

MCP server in Claude

Setup in Claude

Advice on generating API token
You need to generate an API token for the setup.
Set up Fluid Attacks' MCP server in Claude following these instructions:
  1. On Claude, go to the menu bar, click on Claude and then Settings.

    2. Open Claude settings

  2. Switch to the Developer tab and click the Edit Config button.

    3. Find Edit Config in Claude

  3. You are presented with a folder that contains the file claude_desktop_config.json. Open this file with a text editor.

  4. Paste the following into the configuration file, replacing your_api_token_here with the previously generated Fluid Attacks API token.

    5. {
      "mcpServers": {
        "fluid": {
          "command": "npx",
          "args": [
            "-y",
            "@fluidattacks/mcp"
          ],
          "env": {
            "API_TOKEN": "your_api_token_here"
          }
        }
      }
    }

  5. Save the file and close both it and Claude.

To interact with the platform, reopen Claude and start chatting! See an example below.

Example in Claude

The following example shows the generation of a vulnerability report for a specific group in a specific organization.

The prompt is the following:
"Using Fluid Attacks' APl, please generate a one-page report of the vulnerabilities found in the Narrabri group of the Imamura organization."
Prompt Claude to use the Fluid Attacks platform

Claude asks for permission before using a tool by the MCP server. The following screenshot references the fetch_group_vulnerabilities tool, which accesses the group's vulnerability information (like vulnerability status and severity).
Advice on MCP tools

Allow the Fluid Attacks tools on Claude

Claude then mentions the tools run and provides an outline of the report while generating the one-page document.

Generate a Fluid Attacks vulnerability report on Claude

MCP server in Cursor

Setup in Cursor

Advice on generating API token
Do not forget to generate an API token for the setup.
Set up Fluid Attacks' MCP server in Cursor following these instructions:
  1. On Cursor, go to the menu bar, click on Cursor and then go to Settings... > Cursor Settings.

    2. Open Cursor settings

  2. Navigate to MCP and click on Add new global MCP server.

    3. Add the Fluid Attacks MCP server on Cursor

  3. Paste the following into the configuration file, replacing your_api_token_here with the previously generated Fluid Attacks API token.

    4. {
      "mcpServers": {
        "fluid": {
          "command": "npx",
          "args": [
            "-y",
            "@fluidattacks/mcp"
          ],
          "env": {
            "API_TOKEN": "your_api_token_here"
          }
        }
      }
    }

  4. Save the file and close it.

Open a chat to start interacting with the platform. Just type the following into the input bar: >Cursor: New Chat. See an example of a chat in the next section.

Start chatting on Cursor

Example in Cursor

The following example shows the request for the vulnerability with the highest CVSS score in a specific file within a specific group in a specific organization.

The prompt used is the following:
"From the Fluid Attacks API, what is the highest severity (CVSS) vulnerability in the basketitems.ts file of the Clickable group within the Imamura Organization?"
Prompt Cursor to use the Fluid Attacks platform

Cursor asks for confirmation before running a tool by the MCP server. The following screenshot references the fetch_group_vulnerabilities tool, which retrieves vulnerability information (like vulnerability status and severity) from a specific file.

Allow the Fluid Attacks tool on Cursor

Cursor then responds with the type of vulnerability's name, as well as breaks down its CVSS score and informs of the lines of code where the vulnerability is present.

Query Cursor about findings by Fluid Attacks