Smpl Security
Get started
MCP Connector · Read & write access

Smpl Security for Claude.

Bring your security findings into Claude. Review open findings, pull remediation guidance, check SOC 2 readiness, and triage findings without leaving the conversation.

Connect now smplsecurity.ai/api/mcp

Overview

The Smpl Security connector gives Claude read access to the security findings Smpl produces for your organization, plus the ability to update a finding’s status.

It reflects data Smpl’s backend has already computed from your connected systems. It does not run scans on demand — queries return the results of scans that have already completed.

Before you connect

  • A Smpl Security account at smplsecurity.ai, with an organization.
  • At least one connector configured in Smpl (GitHub, Vercel, Supabase, Stripe, Cloudflare, or Resend) and at least one completed scan. Until a scan has run, queries return no results.

Any member of your Smpl organization can connect.

Connecting in Claude

  1. In Claude, open connector settings and add a new connector.
  2. Enter the Smpl MCP server URL: https://smplsecurity.ai/api/mcp
  3. Claude opens the Smpl authorization page. Sign in to your Smpl account if prompted.
  4. Review the permissions on the consent screen, then click Allow.
  5. The connector is now active.

MCP server URL

https://smplsecurity.ai/api/mcp

Permissions

The connector requests one or both of these scopes. The consent screen shows exactly what is requested before you approve.

Read
mcp:read

Read your open security findings and compliance status.

Write
mcp:write

Update the status of findings (dismiss, resolve, reopen).

If you grant read-only access, finding-status updates are rejected. Re-authorize and grant write access to enable them. You can revoke a connection at any time in Smpl Settings.

What you can ask

get_findingsread

Lists your open findings. Filter by severity to focus on what matters.

Show me my open critical and high security findings from Smpl.
get_finding_detailread

Full detail for one finding, plus a remediation playbook with fix steps.

Pull up the full detail and fix steps for that critical finding.
get_compliance_statusread

Your SOC 2 readiness score, broken down by control category.

What's my SOC 2 readiness score, and which categories are behind?
update_finding_statuswrite

Dismiss, resolve, or reopen a finding. A reason is required when dismissing or accepting risk (captured as SOC 2 evidence).

Mark that finding as a false positive. Reason: test-only code path.

Troubleshooting

Queries return nothing+
No scan has completed for your organization yet. Configure a connector in Smpl and run a scan, then retry.
“Unauthorized” or the connection dropped+
Access tokens expire after one hour. Reconnect or re-authorize the connector in Claude.
“This connection has read-only access”+
The connector was authorized without the mcp:write scope. Re-authorize and grant write access to update findings.
“Finding not found”+
The finding ID is stale. It may have been resolved, or a newer scan replaced it. Ask for your findings again to get current IDs.

Support

Questions or issues with the connector? Email support@smplsecurity.ai. We typically respond within a business day.