Connect Claude and other AI tools to Mondoo with the MCP server
Connect Claude Desktop, Claude Code, and VS Code to the Mondoo MCP server to explore your findings, policies, and spaces with AI assistants.
The Mondoo MCP server is a Model Context Protocol (MCP) server that connects AI assistants directly to Mondoo Platform. Once connected, a tool like Claude can explore your spaces, read your findings, and work with your security policies in plain language, without leaving the assistant.
Mondoo hosts the MCP server for you. You connect to it over HTTP and authenticate with a Mondoo API token.
What you can do
Once your AI assistant is connected to the Mondoo MCP server, you can ask it to:
- List the spaces available to you.
- List critical findings in a space.
- List the active policies in a space.
- Explain what a policy checks and why a finding matters.
You can also use it to help you write Policy as Code:
- Generate MQL queries and policies from a description.
- Compile and validate queries.
- Format policy bundles.
Prerequisites
To connect an AI assistant to the Mondoo MCP server, you need:
- An active Mondoo Platform account.
- A Mondoo API token with Viewer (read-only) permissions. To create one, read Create and Manage API Tokens. A read-only token is enough for exploring findings and policies, and it limits what a connected assistant can change.
- The AI client you want to connect (Claude Desktop, Claude Code, or VS Code).
- Node.js installed, if you connect Claude Desktop. The Claude Desktop configuration uses npx, which ships with Node.js.
Treat your API token like any other secret. Anyone with the token and the endpoint can act in Mondoo with the token's permissions. Use a read-only token and rotate it if you suspect it leaked.
Endpoints
Choose the endpoint for the region where your Mondoo account lives:
- United States: https://us.api.mondoo.com/mcp
- European Union: https://eu.api.mondoo.com/mcp
The examples below use the US endpoint. If your account is in the EU, substitute the EU endpoint.
Connect Claude Desktop
The Claude desktop app reads its configuration from a file on your computer:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the Mondoo MCP server to that file, then replace <PASTE YOUR API TOKEN> with your token value:
{
  "mcpServers": {
    "mondoo": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://us.api.mondoo.com/mcp",
        "--header",
        "Authorization:${MONDOO_API_TOKEN}"
      ],
      "env": {
        "MONDOO_API_TOKEN": "Bearer <PASTE YOUR API TOKEN>"
      }
    }
  }
}
Keep the word Bearer and the space before your token. Save the file and restart Claude Desktop. Mondoo's tools then appear in Claude, and you can ask Claude to list your spaces or findings.
Connect Claude Code
Add the Mondoo MCP server to your ~/.claude/settings.json (to use it everywhere) or to a project's .claude/settings.json (to share it with a repository). Replace <PASTE YOUR API TOKEN> with your token value:
{
  "mcpServers": {
    "mondoo": {
      "type": "http",
      "url": "https://us.api.mondoo.com/mcp",
      "headers": {
        "Authorization": "Bearer <PASTE YOUR API TOKEN>"
      }
    }
  }
}
Connect VS Code
In VS Code, open your User Settings (JSON) file. Press Ctrl + Shift + P (or Cmd + Shift + P on macOS), type Preferences: Open User Settings (JSON), and select it. Add this block:
{
  "mcp": {
    "inputs": [
      {
        "type": "promptString",
        "id": "mondoo-api-token",
        "description": "Mondoo API Token",
        "password": true
      }
    ],
    "servers": {
      "mondoo-mcp-http": {
        "type": "http",
        "url": "https://us.api.mondoo.com/mcp",
        "headers": {
          "Authorization": "${input:mondoo-api-token}"
        }
      }
    }
  }
}
VS Code prompts you for the token the first time it connects. Enter the value as Bearer <your API token>, including the word Bearer and the space.
To share the configuration with a team without sharing your token, add the same block (without the outer mcp key) to a .vscode/mcp.json file in your workspace:
{
  "inputs": [
    {
      "type": "promptString",
      "id": "mondoo-api-token",
      "description": "Mondoo API Token",
      "password": true
    }
  ],
  "servers": {
    "mondoo-mcp-http": {
      "type": "http",
      "url": "https://us.api.mondoo.com/mcp",
      "headers": {
        "Authorization": "${input:mondoo-api-token}"
      }
    }
  }
}
Each person who uses the shared file supplies their own token when prompted. For more detail, read the VS Code MCP server documentation.
Verify the connection
After you connect, ask the assistant to list your Mondoo spaces. If it returns your spaces, the connection works. If it cannot reach Mondoo, check that:
- The token value starts with Bearer followed by your token.
- You used the endpoint for your account's region.
- Your token still exists and has at least Viewer permissions.
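The first two checks can be run offline against the configuration files shown on this page, together with a check that a file shared through a repository does not carry the token itself. This is an added example, not part of Mondoo's documentation or tooling; the function names, the shared flag, and the sample token are assumptions made for illustration.

```python
import json
import re

# Endpoints listed on this page.
ENDPOINTS = {"https://us.api.mondoo.com/mcp", "https://eu.api.mondoo.com/mcp"}
REFERENCE = re.compile(r"^\$\{[^}]+\}$")  # ${input:...} or ${ENV_VAR}

def _servers(cfg):
    """Yield (name, server) from the three config layouts shown on this page."""
    for block in (cfg.get("mcpServers"), cfg.get("servers"),
                  cfg.get("mcp", {}).get("servers")):
        yield from (block or {}).items()

def audit(config_text, shared=False):
    """Return findings; shared=True marks a file committed to a repository."""
    findings = []
    for name, srv in _servers(json.loads(config_text)):
        args, env = srv.get("args", []), srv.get("env", {})
        url = srv.get("url") or next((a for a in args if a.startswith("http")), None)
        if url not in ENDPOINTS:
            findings.append(f"{name}: unexpected endpoint {url!r}")
        # Authorization value: a direct header, or "Authorization:<value>" in args.
        auth = srv.get("headers", {}).get("Authorization")
        if auth is None:
            auth = next((a.split(":", 1)[1] for a in args
                         if a.startswith("Authorization:")), None)
        if auth is None:
            findings.append(f"{name}: no Authorization header")
            continue
        ref = REFERENCE.match(auth)
        if ref and auth[2:-1] in env:  # resolve ${VAR} from the env block
            auth, ref = env[auth[2:-1]], None
        if ref:
            continue  # prompted or external value, nothing stored in the file
        if not auth.startswith("Bearer "):
            findings.append(f"{name}: Authorization value lacks 'Bearer ' prefix")
        elif shared:
            findings.append(f"{name}: token stored in a shared file")
    return findings

# Constructed sample: a project-level Claude Code file with a made-up token.
SAMPLE = '''{"mcpServers": {"mondoo": {"type": "http",
  "url": "https://us.api.mondoo.com/mcp",
  "headers": {"Authorization": "Bearer EXAMPLE-NOT-A-REAL-TOKEN"}}}}'''

if __name__ == "__main__":
    print(audit(SAMPLE, shared=True))
```

An empty list means the file passed the checks. Whether the token still exists and has Viewer permissions can only be confirmed in Mondoo itself.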
Learn more
- To scan and assess the security of MCP servers themselves, read Secure MCP servers with cnspec.
- To learn more about API tokens, read Create and Manage API Tokens.