io.kernelscan/kernelscan
Official10 toolsKernelScan
Linux kernel CVE analyzer: upload a .config, get a CycloneDX VEX report of affecting CVEs.
Analyze Linux kernel configs for CVEs and generate vulnerability reports.
Captured live from the server via tools/list.
search_cves
Search Linux kernel CVEs. No API key required: keyless callers get the free public tier — recent high-severity Linux kernel CVEs (capped at 25 results). Free *keyed* callers see only CVEs published in the last 60 days; basic+ keyed callers get the full corpus. ``query`` matches against CVE id and description (case-insensitive). ``severity`` filters by effective severity (``critical``/``high``/``medium``/``low``). ``cvss_min`` filters by effective CVSS score. ``published_after`` (ISO 8601) returns only CVEs newer than that date. Returns up to ``limit`` (max 100) CVEs, newest first.
Parameters (5)
- queryany
- severityany
- cvss_minany
- published_afterany
- limitinteger
get_cve
Fetch a single Linux kernel CVE by ID (e.g. ``CVE-2024-12345``). No API key required: keyless callers get the public representation of a CVE, but only for CVEs in the public set (recent high-severity); any other id returns ``not found``. Free *keyed* callers get a 404 for CVEs published more than 60 days ago. AI risk-summary / analysis fields are included for any keyed user on CVEs in the public set, and for pro / enterprise on every assessed CVE.
Parameters (1)
- cve_idstringrequired
list_products
List the calling user's products with denormalized analysis stats. Paid plans only (basic / pro / enterprise). Free callers get a clear upgrade message.
No parameters.
get_product
Fetch one product owned by the caller, including the CVE breakdown. Returns 404 (not 403) if the product belongs to another user, so product existence isn't leaked across accounts.
Parameters (1)
- product_idstringrequired
get_product_vex
Return the CycloneDX 1.6 VEX document for one of the caller's products. Reads from the 24h ProductVexCache; if the cache is empty/expired the next call to ``get_product`` (or the REST endpoint) will regenerate it.
Parameters (1)
- product_idstringrequired
create_product
Create a new product, run analysis, and return its initial stats. ``config_upload_id`` references a previously-staged .config that the caller POSTed to ``/api/configs/uploads`` over plain HTTP — the LLM does NOT emit the config text itself (a real kernel .config is ~100–200 KB and exceeds a single tool-call output budget). Workflow: 1. Caller / wrapper script: ``curl -H "Authorization: Bearer ks_live_..." \ -F "config_file=@.config" \ https://kernelscan.io/api/configs/uploads`` returns ``{config_upload_id, sha256, size_bytes, expires_at}``. 2. Pass that ``config_upload_id`` into this tool. Uploads are per-user, single-use, and expire 30 minutes after upload. Same tier gates as POST /api/products: free can't create products at all, basic is capped at 3 products, pro at 10. ``factor_ids`` are silently ignored unless the tier allows security factors (``pro``/``enterprise``). Re-using a product name returns 409.
Parameters (6)
- namestringrequired
- kernel_versionstringrequired
- archstringrequired
- config_upload_idstringrequired
- descriptionany
- factor_idsany
update_product
Update a product owned by the caller. Re-runs analysis if the kernel_version, arch, or referenced .config changed. To change the .config, first POST the new file to ``/api/configs/uploads`` (see ``create_product`` for the curl recipe) and pass the returned ``config_upload_id`` here. Leave ``config_upload_id`` as ``None`` to keep the existing .config. ``factor_ids=None`` leaves factor selections untouched; an empty list clears them. Same tier gates as PUT /api/products/{id}.
Parameters (7)
- product_idstringrequired
- nameany
- descriptionany
- kernel_versionany
- archany
- config_upload_idany
- factor_idsany
whoami
Return the caller's identity, plan, and quota state. Works without an API key: keyless callers get a lightweight public-tier payload (no account) describing how to request access.
No parameters.
request_access
Request an invitation to KernelScan from inside MCP (no API key needed). Use this when a keyless caller wants the full service. It records an invitation request and emails a confirmation; an admin reviews it and, if approved, sends an invitation code. This tool does NOT create an account or mint an API key — you finish signup (including accepting the terms) on the website after you receive the invitation. ``email`` is required. ``name`` and ``reason`` are optional context for the reviewer. The response is identical whether or not the email is already known, so it never reveals account state.
Parameters (3)
- emailstringrequired
- nameany
- reasonany
submit_support_report
Send a support / dispute report to KernelScan staff. Use this when an automated CVE or factor assessment looks wrong, or when you need to hand human-needed context back to the team. The caller's API-key user is attached automatically (id, email, plan) so support can look the account up. ``category`` should be one of: - ``cve_assessment`` — wrong AI verdict / CVSS / CWE on a CVE - ``factor_assessment`` — wrong factor verdict for a product - ``bug`` — broken behavior in the API or UI - ``other`` — anything else ``cve_id`` / ``product_id`` / ``assessment_id`` are optional but recommended — they let support jump straight to the relevant row.
Parameters (6)
- categorystringrequired
- subjectstringrequired
- messagestringrequired
- cve_idany
- product_idany
- assessment_idany
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"kernelscan": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://kernelscan.io/mcp/"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.