Announcement

Attestd Is Now an MCP Tool: CVE and Supply Chain Checks Inside Claude Code

Robert · Updated May 16, 2026 · 3 min read
[Feature image: dark terminal-style graphic reading "CVE checks. Supply chain signals. Now in Claude Code." with the command npx -y @attestd/mcp and Attestd branding.]

@attestd/mcp is live on npm. It is an official Model Context Protocol server that gives Claude Code, Claude Desktop, and any MCP-compatible AI client direct access to Attestd's CVE risk and supply chain integrity checks.

Add one JSON snippet to your MCP config. No server to host. No extra dependencies beyond Node 18.


Setup

Add this to ~/.claude/mcp.json for global access, or .mcp.json in a project root for project-scoped access:

```json
{
  "mcpServers": {
    "attestd": {
      "command": "npx",
      "args": ["-y", "@attestd/mcp"],
      "env": {
        "ATTESTD_API_KEY": "atst_..."
      }
    }
  }
}
```

That is the entire setup. npx -y handles the install on first use. An Attestd API key is required; a free tier is available at api.attestd.io/portal/login with 1,000 calls a month and no credit card required.


Two tools

check_package_vulnerability

The primary tool. Takes a product slug and an exact version string, returns a structured result the model can act on directly.

```text
check_package_vulnerability("log4j", "2.14.1")
```

```json
{
  "outsideCoverage": false,
  "riskState": "critical",
  "activelyExploited": true,
  "patchAvailable": true,
  "fixedVersion": "2.15.0",
  "supplyChainCompromised": false,
  "supplyChainDescription": null
}
```

The supply chain signal is independent of the CVE signal. A package can have riskState: "none" and supplyChainCompromised: true simultaneously. The node-ipc attack disclosed this week is exactly that case:

```text
check_package_vulnerability("node-ipc", "9.1.6")
```

```json
{
  "outsideCoverage": false,
  "riskState": "none",
  "activelyExploited": false,
  "patchAvailable": false,
  "fixedVersion": null,
  "supplyChainCompromised": true,
  "supplyChainDescription": "Malicious code in node-ipc (npm)"
}
```

No CVEs. npm audit returns clean. The supply chain flag is the only signal that catches it.

outsideCoverage: true means the product is not in Attestd's catalog. The tool description instructs the model to treat this as unknown risk, not a clean result. The model cannot treat an unsupported product as safe by default.

list_covered_products

No API key required. Returns the full current catalog of supported slugs and display names. The model calls this first when unsure whether a product is supported before calling check_package_vulnerability.


What the model can do with it

With Attestd as an MCP tool, Claude Code can check any dependency before recommending it, flag vulnerable versions inline while you are writing deployment configuration, and block on supply chain compromise signals that no CVE scanner would catch.

The tool description instructs the model to call check_package_vulnerability before deploying or recommending any software dependency. The structured return format gives the model concrete fields to branch on: block on riskState: "critical" or "high", block on supplyChainCompromised: true, flag activelyExploited: true as highest urgency, and surface fixedVersion as the upgrade recommendation.

Auth errors, rate limits, and unsupported products all return structured JSON. The tool never throws an unhandled error to the model.
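The branching policy described above, written out as an added example (not code from @attestd/mcp or the Attestd docs): a small client-side decision function that consumes the structured result of check_package_vulnerability, keeps the supply chain signal independent of the CVE signal, and treats outsideCoverage (or a response missing that field) as unknown risk rather than a clean result. The two sample results are the ones shown earlier in the post; the "not covered" sample and the handling of riskState values other than none/high/critical are assumptions.

```javascript
// Added example: policy over check_package_vulnerability results.
// Sample results copied from the post's two calls.
const log4j_2_14_1 = {
  outsideCoverage: false, riskState: "critical", activelyExploited: true,
  patchAvailable: true, fixedVersion: "2.15.0",
  supplyChainCompromised: false, supplyChainDescription: null,
};
const nodeIpc_9_1_6 = {
  outsideCoverage: false, riskState: "none", activelyExploited: false,
  patchAvailable: false, fixedVersion: null,
  supplyChainCompromised: true,
  supplyChainDescription: "Malicious code in node-ipc (npm)",
};
// Constructed sample for a product that is not in the catalog.
const notCovered = { outsideCoverage: true };

// Returns { verdict: "block" | "flag" | "allow" | "unknown", reasons, upgradeTo }.
function decide(result) {
  // Unsupported product, or a response without the flag (e.g. a structured
  // error object): unknown risk, never treated as clean.
  if (result.outsideCoverage !== false) {
    return { verdict: "unknown", reasons: ["product not in Attestd catalog"], upgradeTo: null };
  }
  const reasons = [];
  let verdict = "allow";
  // Supply chain signal is evaluated on its own; it can fire with riskState "none".
  if (result.supplyChainCompromised === true) {
    verdict = "block";
    reasons.push(`supply chain compromise: ${result.supplyChainDescription ?? "no description"}`);
  }
  if (result.riskState === "critical" || result.riskState === "high") {
    verdict = "block";
    reasons.push(`riskState ${result.riskState}`);
  } else if (result.riskState !== "none") {
    // Assumption: any other state is surfaced for review rather than blocked.
    if (verdict === "allow") verdict = "flag";
    reasons.push(`riskState ${result.riskState}`);
  }
  // Active exploitation is the highest-urgency reason, so it is listed first.
  if (result.activelyExploited === true) reasons.unshift("actively exploited");
  // fixedVersion is only an upgrade recommendation when a patch exists.
  const upgradeTo = result.patchAvailable === true ? result.fixedVersion : null;
  return { verdict, reasons, upgradeTo };
}
```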


Coverage

Attestd covers infrastructure across databases, web servers, message brokers, container runtimes, language runtimes, authentication and identity tooling, CI/CD infrastructure, and more. Call list_covered_products or check attestd.io/docs/products for the current full list.

The catalog is expanding. Supply chain monitoring covers PyPI and npm packages including the full AI and ML framework ecosystem.