← Index

CrowdStrike Falcon MCP Server

io.github.CrowdStrike/falcon-mcp·v0.13.0·Security

Connects AI agents with CrowdStrike Falcon for security analysis and automation.

In-path gate · all MCP tools

Using CrowdStrike Falcon MCP Server in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
REVIEWstatus: PARTIALfresh until 2026-08-05 23:02 UTC
screened 2026-07-06tier: scannedgranularity: description-levelsource: registry

Semantic screen found no manipulation pattern in the description. Conformance probe not yet run.

mcpindex.integrity.descriptionpassINFO

evidenceNo malicious instructions foundvia static_description

Limits of this verdict
  • - Semantic screen only - the deterministic conformance probe has not run on this server
  • - Confidence is reported but not yet calibrated (v1)
  • - Screen reads the tool description, not the live behavior
  • - advisory
  • - registry description only no input schema
  • - screen model 8b

Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.

Own this server? Screen its description →

Embed this badge

A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.

Markdown
[![mcpindex](https://mcpindex.ai/api/v1/badge/io-github-crowdstrike-falcon-mcp)](https://mcpindex.ai/server/io-github-crowdstrike-falcon-mcp)
HTML
<a href="https://mcpindex.ai/server/io-github-crowdstrike-falcon-mcp"><img src="https://mcpindex.ai/api/v1/badge/io-github-crowdstrike-falcon-mcp" alt="mcpindex verdict" height="20" /></a>
Environment variables
FALCON_CLIENT_ID
requiredsecret

CrowdStrike API client ID

FALCON_CLIENT_SECRET
requiredsecret

CrowdStrike API client secret

FALCON_BASE_URL

CrowdStrike API region URL

FALCON_MEMBER_CID

Child CID for Flight Control (MSSP) support

FALCON_MCP_MODULES

Comma-separated list of modules to enable

FALCON_MCP_TRANSPORT

Transport protocol to use

FALCON_MCP_DEBUG

Enable debug logging

FALCON_MCP_HOST

Host to bind to for HTTP transports

FALCON_MCP_PORT

Port to listen on for HTTP transports

FALCON_MCP_USER_AGENT_COMMENT

Additional information to include in the User-Agent comment section

FALCON_MCP_STATELESS_HTTP

Enable stateless HTTP mode for scalable deployments

FALCON_MCP_API_KEY
secret

API key for HTTP transport authentication (x-api-key header)

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
15
installability
25
documentation
15
stability
5
Alternatives in Security