Ga naar inhoud
BoringSec
MCP Quick InstallNo API key copy

Install BoringSec MCP in one copy-paste flow.

Open a terminal in your project folder, paste the commands below, approve the short browser code, then restart Claude Code or Cursor. BoringSec stores a dedicated device credential for you, so beginners do not have to handle raw secrets.

Copy install commandsCreate account
What you get after setup
Inline project security review from Claude Code or Cursor.
AI-ready fixes for auth gaps, secrets, SSRF, webhooks, and risky code.
Workspace rules: AGENTS.md, .cursorrules, and BoringSec policy bundle.
Privacy-safe MCP cockpit with device status and recent run summaries.

Copy this into Terminal

Use this when you want BoringSec available in both Claude Code and Cursor for the current project.

terminal
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor both --scope project --write-rules
npx -y @boringsec/claude-code doctor

Claude Code only

terminal
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor claude --scope project --write-rules

Cursor only

terminal
npx -y @boringsec/claude-code login
npx -y @boringsec/claude-code init --editor cursor --scope project --write-rules

Step 1

Run login

The command starts device authorization. If the browser does not open automatically, the terminal will show a URL and a short code.

Step 2

Approve in browser

Sign in or create an account, confirm the code on /auth/device, then click approve.

Step 3

Bootstrap project config

The init command writes the MCP config and starter rule files for your editor. Commit these project config files if your team wants the same setup.

Step 4

Restart and run review

Restart Claude Code or Cursor, then ask the assistant to run a BoringSec workspace review.

First prompt to paste into your AI editor

prompt
Use BoringSec MCP to review this project for security issues.
Start with boringsec_workspace_review.
Show critical risks first, explain why they matter, then give me safe fixes I can apply.

If anything fails

terminal
npx -y @boringsec/claude-code doctor --fix
npx -y @boringsec/claude-code status
npx -y @boringsec/claude-code rotate
npx -y @boringsec/claude-code logout --revoke

No tools in editor

Restart the editor after init. Then run doctor --fix to repair local config.

Authorization denied

MCP uses authenticated API access. If your plan does not include MCP yet, upgrade or ask the workspace owner for access.