CrowdStrike Falcon MCP Server
Connects AI agents with CrowdStrike Falcon for security analysis and automation.
Using CrowdStrike Falcon MCP Server in Claude, Cursor, Gemini CLI, Cline, or Zed?
MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).
Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less
curl -fsSL https://mcpindex.ai/install.sh | shSemantic screen found no manipulation pattern in the description. Conformance probe not yet run.
mcpindex.integrity.descriptionpassINFOevidence“No malicious instructions found”via static_description
- - Semantic screen only - the deterministic conformance probe has not run on this server
- - Confidence is reported but not yet calibrated (v1)
- - Screen reads the tool description, not the live behavior
- - advisory
- - registry description only no input schema
- - screen model 8b
Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.
Own this server? Screen its description →
A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.
[](https://mcpindex.ai/server/io-github-crowdstrike-falcon-mcp)<a href="https://mcpindex.ai/server/io-github-crowdstrike-falcon-mcp"><img src="https://mcpindex.ai/api/v1/badge/io-github-crowdstrike-falcon-mcp" alt="mcpindex verdict" height="20" /></a>FALCON_CLIENT_IDCrowdStrike API client ID
FALCON_CLIENT_SECRETCrowdStrike API client secret
FALCON_BASE_URLCrowdStrike API region URL
FALCON_MEMBER_CIDChild CID for Flight Control (MSSP) support
FALCON_MCP_MODULESComma-separated list of modules to enable
FALCON_MCP_TRANSPORTTransport protocol to use
FALCON_MCP_DEBUGEnable debug logging
FALCON_MCP_HOSTHost to bind to for HTTP transports
FALCON_MCP_PORTPort to listen on for HTTP transports
FALCON_MCP_USER_AGENT_COMMENTAdditional information to include in the User-Agent comment section
FALCON_MCP_STATELESS_HTTPEnable stateless HTTP mode for scalable deployments
FALCON_MCP_API_KEYAPI key for HTTP transport authentication (x-api-key header)
Security & DLP proxy for MCP: tool-poisoning scans, PII redaction on tool args/results. Beta.
91 keyless tools of live, verifiable data for AI: weather, hazards, space, CVEs. Ed25519-signed.
Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.