English | ๆฅๆฌ่ช
Model Context Protocol (MCP) server for FutureVuls vulnerability management service integration
This project is a Windows-based server that provides access to the 
FutureVuls API through the 
Model Context Protocol (MCP). It enables AI assistants like Claude to directly utilize vulnerability management functions.
- ๐ Vulnerability Management: Search and display detailed CVE information
- ๐ Task Management: Check and manage vulnerability response tasks
- ๐ฅ๏ธ Server Management: List and display details of monitored servers
- ๐ Report Generation: Automated weekly report generation
- ๐ Health Check: FutureVuls API connection verification
- OS: Windows 10/11 (64bit)
- Node.js: 18.0 or higher (LTS recommended)
- npm: Included with Node.js
- Claude Desktop: Latest version
- Memory: 4GB or more recommended
- Storage: 1GB or more free space
Note: DXT packaging is not currently supported. We recommend installing and running via npm (global command) for simplicity and reliability.
npm install -g @keides2/futurevuls-mcpOr if you have a local tarball (offline/distribution):
npm install -g .\keides2-futurevuls-mcp-2.1.0.tgzThen you can run the server as a CLI:
futurevuls-mcpgit clone https://github.com/keides2/futurevuls-mcp.git
cd futurevuls-mcpsetup_windows.batThis script automatically performs the following:
- Node.js environment verification
- npm dependency installation
- Configuration file template creation
- Claude Desktop configuration file creation
npm installcopy .env.sample .env
copy groups.json.template groups.json
# Be careful not to overwrite when using other MCPs
copy claude_desktop_config.json.template "%APPDATA%\Claude\claude_desktop_config.json"Open the .env file with Notepad or VS Code and configure the following:
# FutureVuls API Configuration (Required)
FUTUREVULS_API_TOKEN=your_actual_api_token_here
# Debug Mode (Optional)
FUTUREVULS_DEBUG=falseOpen the groups.json file with Notepad or VS Code and set your actual group information in the following format:
Group Name: [
"Group Token",
"Group ID",
"Number of Vulnerabilities"
]Example:
{
"group": [
{
"Production Environment": [
"fvgs-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
123,
1500
]
},
{
"Development Environment": [
"fvgs-yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy",
456,
800
]
},
{
...
}
]
}%APPDATA%\Claude\claude_desktop_config.jsonAccess via File Explorer:
- Press
Win + Rkeys - Type
%APPDATA%\Claudeand press Enter - Edit
claude_desktop_config.json
Method 1: Copy Template (Recommended)
# Be careful not to overwrite when using other MCPs
copy claude_desktop_config.json.template "%APPDATA%\Claude\claude_desktop_config.json"Method 2: Manual File Creation
Create %APPDATA%\Claude\claude_desktop_config.json using Notepad or VS Code
Preferred (npm global command):
{
"mcpServers": {
"futurevuls": {
"command": "futurevuls-mcp",
"args": [],
"env": {
"FUTUREVULS_API_TOKEN": "your_actual_api_token_here"
}
}
}
}Alternative (direct Node path, if not using global install):
{
"mcpServers": {
"futurevuls": {
"command": "node",
"args": ["C:\\Users\\[USERNAME]\\path\\to\\futurevuls-mcp\\futurevuls-mcp.js"],
"env": {
"FUTUREVULS_API_TOKEN": "your_actual_api_token_here"
}
}
}
}- Use absolute paths
- Escape backslashes with
\\(use\\instead of\) - Replace with your actual installation path
- File name is
futurevuls-mcp.js(not Python) - Avoid paths containing Japanese characters
AI assistants like Claude Desktop automatically communicate with the MCP server after configuration. The manual startup methods below are primarily for configuration verification, troubleshooting, and development purposes.
start_mcp.batUse Cases:
- Operation verification before Claude Desktop configuration
- Detailed error message confirmation
- Log output monitoring
futurevuls-mcpnode futurevuls-mcp.jsUse Cases:
- Detailed debug information confirmation
- npm dependency issue identification
- Development and testing operation verification
1. Manual Startup Verification If the following messages appear at startup, it's working normally:
FutureVuls MCP Server starting...
Listening on stdio...
Server initialized successfully2. Claude Desktop Verification
- Restart Claude Desktop
- Type something like "Check FutureVuls vulnerabilities"
- If MCP tools are recognized and executed, it's successful
At present, distributing/running this server in DXT format is not officially supported due to stability concerns. As a workaround, please use the npm global command (futurevuls-mcp) or run directly with Node.js as described above.
- In Claude Desktop's UtilityProcess environment, after initialization the following intermittently occur:
- -32001 Request timed out
- Unexpected server transport closed
- On the same machine, direct Node execution and Content-Length smoke tests succeed (not reproducible)
- Rewrote the JSON-RPC stdin parser to support:
- Content-Length framing (LSP-style) and JSON Lines
- Flexible header termination detection (CRLFCRLF/LFLF)
- Response framing that matches the input style
- Simplified initialize response and metadata, bumped versions, and repackaged multiple times
- Reinstalled DXT package, changed install locations (different drive/ASCII-only paths), re-enabled extensions, etc.
- Timeouts/closures still persisted only on some environments
We suspect environment-specific behavior related to UtilityProcess stdio/lifecycle in certain setups, which prevents us from guaranteeing stability via DXT. In contrast, the npm global command approach has been stable and is operationally simple, so we recommend it as the official method.
- Officially supported: npm global command (futurevuls-mcp)
- Alternative: direct Node execution (for development/verification)
- DXT: will be revisited as upstream behavior improves; any progress will be announced in README/release notes
| Function | Description | Claude Usage Example |
|---|---|---|
futurevuls_health_check |
API health check | "Check FutureVuls connection status" |
futurevuls_list_groups |
Get group list | "Show me monitored groups" |
futurevuls_get_cves |
Get CVE list | "Display latest vulnerability list" |
futurevuls_get_cve_detail |
Get CVE details | "Tell me details of CVE-2023-12345" |
futurevuls_get_tasks |
Get task list | "Are there any tasks to handle?" |
futurevuls_get_task_detail |
Get task details | "Check details of task 123" |
futurevuls_get_servers |
Get server list | "Show list of monitored servers" |
futurevuls_get_groupset_servers |
Get groupset servers | "Show servers in groupset" |
futurevuls_get_group_members |
Get group members | "Show members of group 123" |
futurevuls_get_org_groups |
Get organization groups | "List all organization groups" |
futurevuls_get_org_members |
Get organization members | "Show organization members" |
futurevuls_search_critical_cves |
Search high-severity CVEs | "Extract CRITICAL vulnerabilities" |
futurevuls_generate_weekly_report |
Generate weekly report | "Generate this week's vulnerability report" |
futurevuls-mcp/
โโโ ๐ futurevuls-mcp.js # Main MCP Server (Node.js) - For Claude Desktop
โโโ ๐ futurevuls-mcp-legacy.js # Legacy MCP Server (Node.js) - For VSCode + Cline
โโโ ๐ฆ package.json # Node.js dependencies and metadata
โโโ ๐ start_mcp.bat # Windows startup script
โโโ โ๏ธ setup_windows.bat # Windows setup script
โโโ ๐ง .env.sample # Environment variable template
โโโ ๐ groups.json.template # Group configuration template
โโโ ๐ค claude_desktop_config.json.template # Claude Desktop configuration template
โโโ ๐ README.md # This file
โโโ ๐ LICENSE # License
โโโ ๐ docs/ # Documentation
โโโ ๐ผ๏ธ img/ # Top and logo image files
โโโ ๐ evac/ # Development, test, and Python version files
futurevuls-mcp.js (Main)
- For Claude Desktop use
- Latest MCP protocol version (2025-06-18)
- Recommended for general use
futurevuls-mcp-legacy.js (Legacy)
- For VSCode + Cline use
- Legacy MCP protocol version (2024-11-05)
- Use when the main version is incompatible
.env(environment variables and API tokens)groups.json(actual group configuration)claude_desktop_config.json(actual Claude Desktop configuration)
This project is designed for use with Node.js on Windows environments.
2025/07/29 keides2 Node.js version support