Skip to content

Configure the k9 MCP Server

The k9 MCP server brings Reachable Risk to your AI coding agent. It scores your CVE and dependency backlog by what is actually reachable in your code and actively exploited in the wild (KEV + EPSS), and returns a Fix Today / Schedule / Defer verdict with the evidence behind each call. Your agent supplies the reachability read; k9 supplies KEV + EPSS and the verdict.

It runs as a remote MCP server. Your agent connects over HTTP and you sign in with your k9 account on first connect. There is no API key or token to copy.

Before you start

  • A k9 account. Sign up at https://www.k9security.io/lp/reachable-risk/ (7-day free trial, no card). The trial clock starts on your first scored finding.
  • Endpoint: https://mcp.k9security.io/mcp (Streamable HTTP).
  • Authentication: OAuth. On first connect your agent opens a browser to sign into your k9 account. No API key.
  • Tools: lookup_kev, lookup_epss, score_risk, plus the risk_scoring_rubric prompt.

Many agents accept the generic mcpServers config-block form:

{
  "mcpServers": {
    "k9": {
      "type": "http",
      "url": "https://mcp.k9security.io/mcp"
    }
  }
}

Claude (claude.ai and Claude Desktop)

  1. Open Settings → Connectors → Add custom connector.
  2. Paste the k9 MCP server URL and click Add: https://mcp.k9security.io/mcp

Claude opens a browser to sign into your k9 account on first connect.

Claude Code

There are several ways to register an MCP server with Claude Code. The simplest:

claude mcp add --transport http k9 https://mcp.k9security.io/

Claude Code opens the browser sign-in on first use. Config-file equivalent: add the generic mcpServers block above to ~/.claude.json.

Opencode

  1. Add k9 to opencode.json (project root, or global ~/.config/opencode/opencode.json). Opencode uses its own mcp key with type: remote (not the mcpServers form):

    json { "$schema": "https://opencode.ai/config.json", "mcp": { "k9": { "type": "remote", "url": "https://mcp.k9security.io/mcp", "enabled": true } } }

  2. Authorize from the command line:

    opencode mcp auth k9

    This opens your browser to sign into your k9 account. This step is required. Opencode does not start the OAuth flow from inside its TUI, so if you skip it, k9 shows as "not connected."

  3. Confirm the connection with opencode mcp listk9 should show connected.

Notes

  • If you rename the server in opencode.json, re-run opencode mcp auth <new-name> — stored tokens are keyed to the server name.
  • Manage auth with opencode mcp auth k9, opencode mcp list, and opencode mcp logout k9. Tokens are stored at ~/.local/share/opencode/mcp-auth.json.

Other agents

Other MCP-capable agents (Cursor, OpenAI Codex CLI, Gemini CLI, and more) connect the same way. The endpoint and OAuth model are identical; only the config format and the auth trigger differ. Most read the generic mcpServers block above — for example, Cursor reads it from ~/.cursor/mcp.json (global) or .cursor/mcp.json (project).

If you get an agent connected and want us to document it here, reach out to support@k9security.io.

Score your first findings

In a repository with Dependabot alerts (or any CVE findings), ask your agent something like:

Please retrieve all of this project's open Dependabot alerts and score them for reachable risk.

Your agent gathers the findings and the reachability context; score_risk returns the FIX_TODAY / SCHEDULE / DEFER verdict with KEV + EPSS evidence. Your first scored finding starts the 7-day trial clock.


Last update: July 3, 2026