MCP Connector

Security scanning
inside your AI coding environment

Connect Founder Hardening to Claude Code, Cursor, Windsurf, Lovable, or Replit. Ask your AI to scan any site — it calls our API and returns findings with exact fixes.

Get your free API key

No account needed. Enter a name to identify this key, click Get Key, and follow the setup instructions for your platform below.

Your API Key
⚠ Save this key now — it will not be shown again.

Setup instructions

Choose your platform. Paste your API key where shown — replace YOUR_API_KEY with the key above.

Claude Code
Cursor
Windsurf
Lovable
Replit
1 Create .mcp.json in your project root
{
  "mcpServers": {
    "founderhardening": {
      "type": "http",
      "url": "https://founderhardening.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
2 Restart Claude Code and confirm the tool is available

In the Claude Code chat, run: /mcp — you should see founderhardening listed with a scan_site tool.

3 Try it
Scan https://myapp.com for security issues and tell me what to fix.
1 Open Cursor Settings → MCP

Go to Cursor → Settings → MCP (or edit ~/.cursor/mcp.json directly).

2 Add the Founder Hardening server
{
  "mcpServers": {
    "founderhardening": {
      "type": "http",
      "url": "https://founderhardening.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
3 Reload and test in Composer
Use the founderhardening tool to scan https://myapp.com
1 Open Windsurf Settings → MCP Servers

In Windsurf, go to Settings → MCP Servers → Add Server, or edit ~/.windsurf/mcp.json.

2 Add the server config
{
  "mcpServers": {
    "founderhardening": {
      "type": "http",
      "url": "https://founderhardening.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
3 Test in Cascade
Scan https://myapp.com using founderhardening and list the issues by severity.
1 Open your Lovable project settings

Go to Project Settings → Integrations → MCP in your Lovable project.

2 Add the Founder Hardening MCP server

Server URL: https://founderhardening.com/mcp
Auth header: Authorization: Bearer YOUR_API_KEY

3 Scan your own Lovable project
Scan my deployed app at https://myapp.lovable.app for security issues.
1 Open your Repl and go to Tools → MCP

In your Replit workspace, find Tools → AI → MCP Servers.

2 Add the MCP server
{
  "mcpServers": {
    "founderhardening": {
      "type": "http",
      "url": "https://founderhardening.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
3 Test in the Replit AI chat
Check if my app at https://myapp.repl.co has any security issues.

What it looks like in use

You
Scan https://myapp.com for security issues and fix what you can.
AI
Calls scan_site({ url: "https://myapp.com" })
Result
Score: 61/100 — Grade C
🔴 FAIL:HIGH — Missing Content-Security-Policy
🔴 FAIL:HIGH — No SPF record
🟡 WARN:MEDIUM — No DMARC record
🔵 WARN:LOW — Missing Permissions-Policy header
AI
Your site has 2 failures and 2 warnings. Starting with the most impactful — here's the nginx config to add a Content-Security-Policy header, and here's the DNS record to add for SPF…

Direct API reference

The MCP endpoint is standard JSON-RPC 2.0 over HTTP POST. You can also call it directly from any tool.

Discover (no auth)

GET https://founderhardening.com/mcp

Initialize

POST https://founderhardening.com/mcp
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "initialize",
  "params": {
    "protocolVersion": "2024-11-05",
    "clientInfo": { "name": "my-client", "version": "1.0" }
  }
}

List tools

POST https://founderhardening.com/mcp
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/list"
}

Call scan_site

POST https://founderhardening.com/mcp
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tools/call",
  "params": {
    "name": "scan_site",
    "arguments": {
      "url": "https://example.com"
    }
  }
}