Updated July 2026
When a dependency alert lands or a CVE ID shows up in a bulletin, the questions are always: how bad is it, is it actively exploited, and what version fixes it. Answer all three without leaving Claude Code.
claude mcp add --transport http security-intel https://security-intel-mcp.greenfield1775.workers.dev/mcpNo API key needed for CVE or package lookups.
"Is CVE-2021-44228 actively exploited?"Claude calls cve_lookup and returns severity (CRITICAL, 10.0), the CISA KEV entry with required remediation action, affected products, and references.
"Check lodash 4.17.20 for known vulnerabilities"returns each vulnerability ID, severity, and the exact fixed versions.
Before adding any new dependency, run package_vulnerabilities on it.Open source (MIT), self-hostable — see GitHub.