How to Use It: Installation & Configuration

---

Using the BoostSecurity MCP server involves two steps:

1. Installation: Connecting your MCP-compatible client (your AI assistant/editor) to the BoostSecurity server endpoint.
2. Usage: Prompting your AI agent to use the validation tool (or letting it do so automatically).

---

Supported Languages and Ecosystems

---

• Python: PyPI
• Go: Go Modules
• JavaScript/TypeScript: npm
• Java: Maven
• C#: NuGet

---

Requirements

---

An MCP-compliant client, such as:

• Cursor
• Claude Code
• Windsurf
• VS Code (with MCP extension)

---

Client-Specific Setup Guides

---

Follow the instructions for your specific editor or AI assistant.

---

Cursor

---

1. Go to: Settings -> Cursor Settings -> MCP -> Add new global MCP server

2. Add the following remote server connection configuration:

   {
      "mcpServers": {
       "boost-security": {
         "url": "https://mcp.boostsecurity.io/mcp",
           "transport": "http"
       }
     }
   }
   

3. Once configured, verify under Cursor Settings -> MCP & Integrations that the BoostSecurity MCP tool is enabled for validate_package.

---

Claude Code

---

1. Run the following command in your terminal:

   claude mcp add --scope user --transport http boost-security https://mcp.boostsecurity.io/mcp
   

2. To confirm, type /mcp within the Claude Code interface. The BoostSecurity MCP should appear as enabled.

---

Windsurf

---

1. Navigate to Windsurf Settings -> Cascade MCP Servers.

2. Add the BoostSecurity MCP server configuration:

   {
     "mcpServers": {
       "boost-security": {
           "serverUrl": "https://mcp.boostsecurity.io/mcp"
       }
     }
   } 
   

3. Alternatively, add this configuration to your Windsurf MCP config file (e.g., ~/.codeium/windsurf/mcp_config.json).

4. Relaunch Windsurf.
5. Go to Windsurf Settings -> Manage MCPs to confirm the connection is enabled and shows the validate_package tool.

---

VS Code

---

1. Navigate to View -> Command Palette
2. Run the command MCP: Open User Configuration.

3. Add the BoostSecurity MCP server configuration to the JSON file:

   {
      "servers": {
       "boost-security": {
         "type": "http",
           "url": "https://mcp.boostsecurity.io/mcp"
       }
     }
   }
   

4. You may need to relaunch VS Code.

5. Once added, select Start on the MCP configuration in the MCP panel to change its state to Running.

---

Other MCP Clients

---

The BoostSecurity MCP server can be used by any MCP-compliant client that supports:

• Transport type: http
• Remote server URL: https://mcp.boostsecurity.io/mcp

Refer to your client’s documentation for instructions on configuring remote MCP servers.

---

Best Practices for Optimal Security

---

The MCP server provides strong instructions to the AI agent, encouraging it to validate packages. However, for the most consistent results, you should also explicitly instruct your AI agent to use the tool.

Add a rule or instruction to your AI agent's system prompt or configuration.

Example Instruction:

Always use the BoostSecurity MCP tool `validate_package` to ensure a package is safe before adding it to a project.
Use the package versions recommended by BoostSecurity.

By doing this, you ensure the agent makes security validation a non-negotiable step in its workflow.

Example Workflow

1. Developer: "Please add the requests package to handle API calls."
2. AI Agent (to MCP): "I intend to add requests version 2.25.0. Please validate_package(name='requests', version='2.25.0')."
3. BoostSecurity MCP (to AI): "Validation failed: Version 2.25.0 has a known vulnerability. A safe alternative is available. Use requests version 2.31.0 or newer."
4. AI Agent (to Developer): "I've added the requests package. I used version 2.31.0 as recommended by the security scanner to avoid a known vulnerability in earlier versions."