Skip to main content

squirrelscan for GitHub Copilot

Run a website audit and SEO check from Copilot agent mode in VS Code, then fix what it finds without switching windows.

Install
$
249+ rules·21 categories·runs locally

Copilot agent mode in VS Code can already run terminal commands on your behalf, which means it can run squirrelscan too. Ask it to audit the site you're working on and it will install the CLI, crawl the pages, and hand you a prioritized list of issues right in the chat panel.

There are two ways to wire this up. The quick one is just asking Copilot to run the CLI in your integrated terminal, it figures out the command. The deeper one connects the hosted squirrelscan MCP server, which gives Copilot native tools for cloud audits, the issue tracker, and the full 249-rule catalog instead of parsed terminal output.

Setup

  1. 1

    Install the squirrelscan CLI

    One line, works in the same shell Copilot's agent mode drives.

    bash
    curl -fsSL https://install.squirrelscan.com | sh
  2. 2

    Ask Copilot to run an audit

    Open Copilot Chat, switch to agent mode, and describe what you want. It runs the CLI in the integrated terminal and reads the output back to you.

    text
    Audit https://example.com with squirrelscan and list the top issues by severity
  3. 3

    Or connect the hosted MCP server

    VS Code's built-in MCP client (1.101+) handles the OAuth handshake for you. Save this to .vscode/mcp.json and Copilot gets squirrelscan's tools directly, no CLI parsing required.

    json
    {
      "servers": {
        "squirrelscan": {
          "type": "http",
          "url": "https://mcp.squirrelscan.com/mcp"
        }
      }
    }
  4. 4

    Use an API key for CI or a shared repo config

    Committing .vscode/mcp.json to the repo? Use a prompted secret input instead of a browser sign-in, so teammates aren't forced through OAuth just to open the project.

    json
    {
      "inputs": [
        {
          "type": "promptString",
          "id": "squirrelscan-api-key",
          "description": "squirrelscan API key",
          "password": true
        }
      ],
      "servers": {
        "squirrelscan": {
          "type": "http",
          "url": "https://mcp.squirrelscan.com/mcp",
          "headers": { "Authorization": "Bearer ${input:squirrelscan-api-key}" }
        }
      }
    }

Frequently asked questions

Does GitHub Copilot support MCP servers?
Yes, VS Code's built-in MCP client (version 1.101 and later) connects Copilot agent mode to remote MCP servers over streamable HTTP, including OAuth sign-in with no extra setup.
Do I need Copilot Business or Enterprise to use squirrelscan?
No for the CLI path, agent mode just runs terminal commands. For the MCP path on a Copilot Business or Enterprise plan, an org owner needs to enable MCP servers and allow servers outside GitHub's public registry, since squirrelscan isn't listed there.
Is running audits through Copilot free?
Local CLI audits are free and run on your machine. The hosted MCP server's cloud audits, with browser rendering and shareable reports, use pay-as-you-go credits, and Copilot is expected to confirm the estimate with you first.
Can I scope the MCP server to just one project?
Yes. A .vscode/mcp.json file in the repo is workspace-scoped and safe to commit since OAuth tokens live in your keychain, not the file. Use the user mcp.json instead if you want squirrelscan available in every project.

Get started

Follow the docs quickstart, or see what a finished audit looks like.

Audit your site in one command

SEO, performance, security, accessibility and agent experience issues, with exact fixes for your coding agent.

Install
$

No account needed for the CLI. Cloud audits include free monthly credits.