squirrelscan has always been built for AI agents first: a CLI, then a skill, then a local MCP server your agent could launch over stdio. That last one worked, but it still asked for something: install the binary, keep it on PATH, configure a local process per machine. Today that requirement goes away. squirrelscan now runs as a hosted MCP server, and your agent can use it without installing anything at all.
Connect in one command
The endpoint is https://mcp.squirrelscan.com/mcp, speaking the streamable-http transport. In Claude Code:
claude mcp add --transport http squirrelscan https://mcp.squirrelscan.com/mcpCursor, Codex, VS Code and friends all support remote MCP servers the same way: point them at that URL and you're connected. No package to install, no version to keep in sync, no local process to babysit.
Sign in, don't copy-paste
Most MCP clients now speak OAuth, and squirrelscan's server discovers itself to them automatically. There's a full OAuth 2.1 authorization server behind the endpoint: dynamic client registration, PKCE, and client ID metadata documents (the client.dev pattern), all advertised at /.well-known/oauth-authorization-server. Practically, that means Claude Code (or whatever you're using) shows you a sign-in prompt, you approve it from the dashboard, and the client holds a scoped token from then on. No key to generate, copy, and paste into a config file.
For clients that only speak bearer tokens, or for CI and scripts, API keys still work exactly as you'd expect: Authorization: Bearer sq_.... Mint one with squirrel keys create --shell and it writes the export SQUIRRELSCAN_API_KEY=sq_... line straight into your shell rc after you confirm. Either path lands you at the same 14 tools.
What your agent can actually do
Once connected, the useful move is asking it to run whoami first: it tells the agent which org it's acting for, the plan, and the current credit balance, so nothing downstream is a surprise.
From there, run_audit kicks off a full crawl and 245-rule pass on a URL. Credits are pay-as-you-go, so the first call comes back with an estimate and a confirmation_required status instead of just spending money: the agent has to show you the number and call again with confirm: true before anything runs. There's also a max_credits guard if you'd rather set a ceiling up front than eyeball every run. Audits are async, so the agent polls get_audit_status by run ID, then calls get_report once it's done, in summary JSON, a compact LLM-optimized text render, or full markdown, whichever fits the context budget.
Beyond running new audits, the agent can list websites and past runs, work the issue tracker for a site (list_issues, get_issue, comment_on_issue, so it can leave a note on exactly what it fixed), and browse the rule catalog (list_rules, get_rule) to explain why something failed. It can check the credit balance directly, too.
The one that surprises people: if you signed in over OAuth, the agent can mint its own scoped API key with create_api_key, handy for wiring up CI without you touching the dashboard. Keys minted this way can never carry the scope needed to mint more keys, so there's no recursive key-printing loop waiting to happen. We checked.
A front door machines can actually read
Alongside the MCP endpoint, squirrelscan now publishes /.well-known/integrations.json, /.well-known/mcp/server-card.json, /.well-known/api-catalog, and a proper /llms.txt. Which means we finally had to run our own ax/llms-txt rule against ourselves. It passed, though we'll admit checking felt a little like grading your own homework.
Go connect something
Full setup guides for Claude Code, Cursor, Codex CLI, VS Code Copilot, and more, plus example prompts, live at docs.squirrelscan.com/developers/mcp. If you run an agent registry or discovery tool, squirrelscan is also making its way onto integrations.sh, built straight off the same integrations.json linked above.
Point your agent at the URL, ask it to audit something, and see what comes back.

