io.github.gaiabio12-design/quantumscan-pqc-scanner
Official4 toolsQuantumScan PQC Scanner
PQC scanner for GitHub repos and smart contracts. Detects quantum-vulnerable ECDSA/RSA.
Scan GitHub repos and smart contracts for quantum-vulnerable ECDSA/RSA encryption.
Captured live from the server via tools/list.
scan_repository
Submit a GitHub, GitLab, or Bitbucket repository for post-quantum cryptography (PQC) vulnerability scanning. Returns a scan_id. Call get_scan_result to poll for the result. Free tier: 10 scans/day per IP. Paid tier: credit-based (register at /api/agent/register).
Parameters (1)
- repo_urlstringrequired
Full repository URL. Example: https://github.com/uniswap/v3-core
get_scan_result
Get the result of a previously submitted scan. Returns status (submitted | working | completed | failed) and, when completed, a full CBOM (Cryptographic Bill of Materials) compliant with EIP-7789 and CycloneDX CBOM 1.6, plus a quantum risk score (0 = fully safe, 100 = fully vulnerable). Rate-limited: 60 calls/min per IP or API key.
Parameters (1)
- scan_idstringrequired
UUID returned by scan_repository
check_pqc_risk
Instant check (no DB, no scan) — returns whether a list of algorithm names are quantum-vulnerable. Useful for quick risk assessment before calling scan_repository. Rate-limited: 100 calls/day per IP (free), 500/day per API key (paid).
Parameters (1)
- algorithmsarrayrequired
Algorithm names, e.g. ["ECDSA", "RSA-2048", "ML-KEM-768"]
scan_contract
Scan a verified on-chain smart contract for quantum-vulnerable cryptography AND today's fraud patterns (rug pulls, honeypots, uncapped mints, reentrancy). Use this BEFORE signing a transaction, interacting with a DeFi protocol, or integrating a contract into an agent workflow. Synchronous — result is immediate (no polling needed). Requires the contract to be verified on Sourcify (https://sourcify.dev). Returns risk score 0-100, agent risk score, finding breakdown, and concrete PQC migration steps. Rate-limited: same as scan_repository (10/day per IP free, credit-based paid).
Parameters (2)
- contract_addressstringrequired
Ethereum-format contract address (0x + 40 hex chars). Example: 0xdAC17F958D2ee523a2206206994597C13D831ec7
- networknumber
Chain ID. Default: 1 (Ethereum Mainnet). Supported: 1, 137 (Polygon), 42161 (Arbitrum One), 10 (Optimism), 8453 (Base), 56 (BNB Chain), 43114 (Avalanche C-Chain).
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"quantumscan-pqc-scanner": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://quantumscan.io/api/mcp"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.