Skip to main content
Panguard includes a built-in MCP (Model Context Protocol) server that exposes security tools to AI assistants. This lets you run scans, check Guard status, query threats, and deploy honeypots using natural language through your AI coding assistant.
1

Understand MCP

The Model Context Protocol (MCP) is an open standard for connecting AI assistants to external tools. Panguard’s MCP server exposes security operations as tools that AI assistants can call on your behalf.Supported AI assistants:
AssistantConfig Location
Claude Desktop~/Library/Application Support/Claude/claude_desktop_config.json (macOS)
Claude Code~/.claude/settings.local.json
Cursor~/.cursor/mcp.json
QClaw~/.qclaw/mcp.json
OpenClaw~/.openclaw/skills/panguard/SKILL.md (native skill)
Codex~/.codex/mcp.json
WorkBuddy~/.workbuddy/.mcp.json
NemoClaw~/.nemoclaw/mcp.json
ArkClaw~/.arkclaw/mcp.json
Run panguard setup to auto-detect and configure all platforms. No login required.
2

Add the MCP configuration

Add the Panguard MCP server to your AI assistant’s configuration file:
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
  "mcpServers": {
    "panguard": {
      "command": "panguard",
      "args": ["mcp", "serve"],
      "env": {}
    }
  }
}
After saving, restart your AI assistant for the changes to take effect.
3

Available MCP tools

The Panguard MCP server exposes these tools to your AI assistant:
ToolDescription
scan_systemRun a security scan and return findings
guard_statusCheck Guard engine status and recent events
guard_startStart the Guard engine
guard_stopStop the Guard engine
get_threatsQuery threat intelligence and IoCs
deploy_honeypotDeploy a honeypot on a specified service/port
get_attacker_profilesRetrieve attacker profiles from Trap
generate_reportGenerate a compliance report
get_security_scoreGet current risk score and grade
list_eventsList recent Guard events with filtering
4

Use natural language for security ops

Once configured, you can interact with Panguard through your AI assistant using natural language:
You: “Scan my system for security issues”The assistant calls scan_system and presents the findings, risk score, and recommendations in a readable format.
You: “Is Guard running? Show me recent alerts.”The assistant calls guard_status followed by list_events to give you a comprehensive status overview.
You: “What do we know about IP 203.0.113.42?”The assistant calls get_threats and get_attacker_profiles to compile a threat dossier.
You: “Generate an ISO 27001 compliance report”The assistant calls generate_report with the ISO 27001 framework and presents the results.
You: “Set up SSH and HTTP honeypots to catch attackers”The assistant calls deploy_honeypot for each service type and confirms deployment.
5

Verify the connection

Test that your AI assistant can reach the Panguard MCP server:
panguard mcp test

  PANGUARD AI - MCP Server

  -- Connection Test ------------------------

  Server:     Running (stdio transport)
  Tools:      10 registered
  Auth:       Authenticated (user@example.com)

  MCP server is ready for AI assistant connections.

What to do next

MCP product reference

Full documentation of the MCP server architecture and capabilities.

MCP tools reference

Detailed schema for each MCP tool including parameters and return types.

Run your first scan

Understand scan output before using AI-assisted scanning.

Real-time protection

Set up Guard so the AI assistant can monitor and respond to threats.