Security co-pilot for AI agents.
Inkog MCP Server
Build secure AI agents from the start. Inkog is the security co-pilot for AI agent development — scan for vulnerabilities, verify AGENTS.md governance, audit MCP servers before installation, and map to EU AI Act compliance. Available in Claude, ChatGPT, Cursor, and any MCP-compatible client.
When to Use Inkog
- Building an AI agent — Scan during development to catch infinite loops, prompt injection, and missing guardrails before they ship
- Adding security to CI/CD — Add inkog-io/inkog@v1 to GitHub Actions for automated security gates on every PR
- Preparing for EU AI Act — Generate compliance reports mapping your agent to Article 14, NIST AI RMF, OWASP LLM Top 10
- Reviewing agent code — Use from Claude Code, Cursor, or any MCP client to get security analysis while you code
- Auditing MCP servers — Check any MCP server for tool poisoning, privilege escalation, or data exfiltration before installing
- Verifying AGENTS.md — Validate that governance declarations match actual code behavior
- Building multi-agent systems — Detect delegation loops, privilege escalation, and unauthorized handoffs between agents
What Inkog Does
- Logic Flaw Detection: Find infinite loops, recursion risks, and missing exit conditions
- Security Analysis: Detect prompt injection paths, unconstrained tools, and data leakage risks
- AGENTS.md Governance: Validate that code behavior matches governance declarations
- Compliance Reporting: Generate reports for EU AI Act, NIST AI RMF, OWASP LLM Top 10
- MCP Server Auditing: Audit any MCP server before installation
- Multi-Agent Analysis: Audit Agent-to-Agent communications for logic and security issues
Installation
Claude Desktop
Add to your claude_desktop_config.json:
{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": {
        "INKOG_API_KEY": "sk_live_your_api_key"
      }
    }
  }
}
Cursor
Add to your Cursor MCP settings:
{
  "mcpServers": {
    "inkog": {
      "command": "npx",
      "args": ["-y", "@inkog-io/mcp"],
      "env": {
        "INKOG_API_KEY": "sk_live_your_api_key"
      }
    }
  }
}
Global Installation
npm install -g @inkog-io/mcp
Getting Your API Key
- Sign up for free at app.inkog.io
- Copy your API key from the dashboard
- Set it as the INKOG_API_KEY environment variable
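The client configurations above start the server through npx and keep INKOG_API_KEY in the config file. As an added example (not part of Inkog's documentation or code), this Node.js check reads a config of that shape and reports npx packages without an exact version, use of the auto-confirm flag, and secret-like env entries stored in the file; the function name, finding labels and the example-server entry are assumptions made for illustration.

```javascript
// Added example: audit an MCP client config (the mcpServers shape shown above).
// auditMcpConfig and its finding labels are hypothetical, not part of Inkog.
function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    const args = Array.isArray(server.args) ? server.args : [];
    if (server.command === "npx") {
      // The first non-flag argument is the package spec npx resolves and runs.
      const spec = args.find((a) => !a.startsWith("-"));
      if (spec) {
        // A scoped name starts with "@", so a version needs an "@" after index 0.
        const at = spec.lastIndexOf("@");
        const version = at > 0 ? spec.slice(at + 1) : "";
        // Tags such as "latest" are not a fixed version; require x.y.z.
        if (!/^\d+\.\d+\.\d+/.test(version)) {
          findings.push({ server: name, issue: "unpinned-package", detail: spec });
        }
      }
      if (args.includes("-y") || args.includes("--yes")) {
        findings.push({ server: name, issue: "auto-install", detail: "npx -y" });
      }
    }
    for (const [key, value] of Object.entries(server.env || {})) {
      if (/KEY|TOKEN|SECRET|PASSWORD/i.test(key) && typeof value === "string" && value !== "") {
        // Report the variable name only; never echo the secret itself.
        findings.push({ server: name, issue: "secret-in-config", detail: key });
      }
    }
  }
  return findings;
}

// Constructed sample: the config from this page plus a hypothetical pinned server.
const sampleConfig = {
  mcpServers: {
    inkog: {
      command: "npx",
      args: ["-y", "@inkog-io/mcp"],
      env: { INKOG_API_KEY: "sk_live_your_api_key" },
    },
    pinned: { command: "npx", args: ["example-server@1.2.3"], env: {} },
  },
};

for (const f of auditMcpConfig(sampleConfig)) {
  console.log(`${f.server}: ${f.issue} (${f.detail})`);
}
```

A secret-in-config finding is a prompt to restrict the config file to your own user account, since the key sits there in plaintext.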
Available Tools
P0 - Core Analysis (Essential)
| Tool | Description |
|---|---|
| inkog_scan | Static analysis for logic flaws and security risks |
| inkog_verify_governance | Validate AGENTS.md declarations match actual code behavior |
P1 - Enterprise Features
| Tool | Description |
|---|---|
| inkog_compliance_report | Generate EU AI Act, NIST, OWASP compliance reports |
| inkog_explain_finding | Get detailed remediation guidance for findings |
| inkog_audit_mcp_server | Audit any MCP server before installation |
| inkog_generate_mlbom | Generate ML Bill of Materials (CycloneDX, SPDX) |
P2 - Multi-Agent Analysis
| Tool | Description |
|---|---|
| inkog_audit_a2a | Audit Agent-to-Agent communications |
Tool Details
inkog_scan
Static analysis for AI agent code - finds logic flaws and security risks.
Arguments:
path (required) File or directory path to scan
policy (optional) Analysis policy: low-noise, balanced, comprehensive, governance, eu-ai-act
output (optional) Output format: summary, detailed, sarif
Example: "Scan my LangChain agent for logic flaws"
inkog_verify_governance
Validate that AGENTS.md declarations match actual code behavior. This is Inkog's unique differentiator - no other tool does governance verification.
Arguments:
path (required) Path to directory containing AGENTS.md and agent code
Example: "Verify my agent's governance declarations"
inkog_compliance_report
Generate compliance reports for regulatory frameworks.
Arguments:
path (required) Path to scan
framework (optional) eu-ai-act, nist-ai-rmf, iso-42001, owasp-llm-top-10, all
format (optional) markdown, json, pdf
Example: "Generate an EU AI Act compliance report for my agent"
inkog_explain_finding
Get detailed explanation and remediation guidance for a security finding.
Arguments:
finding_id (optional) Finding ID from scan results
pattern (optional) Pattern name (e.g., prompt-injection, infinite-loop)
Example: "Explain how to fix prompt injection vulnerabilities"
inkog_audit_mcp_server
Secur