mcpindex.aiv0
← Index

io.github.joepangallo/web-recon-agent

io.github.joepangallo/web-recon-agent·v0.8.1·Security
Quality Score
79
/100

Owned-target web security assessment MCP server for authenticated, high-friction apps.

Repository →
§01  Install
Claude Desktop (claude_desktop_config.json)
{
  "mcpServers": {
    "web-recon-agent": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-web-recon-agent"
      ],
      "env": {
        "MCP_TARGET_ALLOWLIST": "<mcp_target_allowlist>",
        "MCP_OWNED_TARGETS": "<mcp_owned_targets>",
        "MCP_JOB_STORE_PATH": "<mcp_job_store_path>",
        "MCP_MAX_CONCURRENT": "<mcp_max_concurrent>",
        "MCP_CONFIG_PATH": "<mcp_config_path>"
      }
    }
  }
}
Cursor (.cursor/mcp.json)
{
  "mcpServers": {
    "web-recon-agent": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-web-recon-agent"
      ],
      "env": {
        "MCP_TARGET_ALLOWLIST": "<mcp_target_allowlist>",
        "MCP_OWNED_TARGETS": "<mcp_owned_targets>",
        "MCP_JOB_STORE_PATH": "<mcp_job_store_path>",
        "MCP_MAX_CONCURRENT": "<mcp_max_concurrent>",
        "MCP_CONFIG_PATH": "<mcp_config_path>"
      }
    }
  }
}
Cline (cline_mcp_settings.json)
npx -y mcp-web-recon-agent
§02  Environment variables
MCP_TARGET_ALLOWLIST
required

Comma-separated hostnames allowed for scanning. Required.

MCP_OWNED_TARGETS

Comma-separated hostnames you explicitly own to unlock active and owned-aggressive scan modes.

MCP_JOB_STORE_PATH

Optional path for persisted job metadata. Defaults to mcp-jobs.json in the current working directory.

MCP_MAX_CONCURRENT

Optional maximum number of concurrent scan jobs. Defaults to 2.

MCP_CONFIG_PATH

Optional path to a JSON config file that overrides allowlist and concurrency settings.

§03  MCP Quality Score  ·  methodology
freshness
24
completeness
10
installability
25
documentation
15
stability
5
§04  Alternatives in Security
Helixar Security
ai.helixar/mcp

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

ai.smithery/Nekzus-npm-sentinel-mcp
ai.smithery/Nekzus-npm-sentinel-mcp

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

app.zenable/zenable
app.zenable/zenable

Zenable cleans up sloppy AI code and prevents vulnerabilities with deterministic guardrails