This is a preview-only version of the Chkk MCP Server. Features and supported platforms will be enhanced as we iterate.

What is the Chkk MCP Server?

The Chkk MCP server lets you use natural language in any MCP client (such as Cursor or Claude Desktop) to:

  • List and analyze Operational Risks in your infrastructure
  • Fetch all affected resources identified by an Operational Risk so you can prioritize tasks, assign owners and plan effectively.
  • Trigger mitigation and remediation workflows

The server authenticates using a machine principal (e.g. Cloud Identity), which must be registered with Chkk. You can add your Cloud Identities to a Chkk Team.

This guide uses Cursor as an example MCP client, but the Chkk MCP server works with any compatible MCP client, including tools like Claude Desktop.

Prerequisites

  • Download a supported Chkk MCP Server binary for your platform (see instructions below)
  • Access to your Chkk API URL (if unsure, please contact Chkk Support)

Cloud Credentials Required

The Chkk MCP server requires valid cloud account credentials to be configured on your machine. Currently, only AWS is supported. These credentials are used to authenticate with Chkk using presigned STS URLs. Before using the server:

  • Verify that your Cloud Machine Identity is registered with Chkk (please contact Chkk Support is assisstance is required)
  • Ensure you have valid AWS credentials of the registered Cloud Machine Identity configured locally

If you encounter authentication errors, see the Troubleshooting section.

Step 1: Download the Chkk MCP Server

Download the latest Chkk MCP Server binary for your platform:

macOS

Apple Silicon
M1/M2/M3 and newer

Linux

ARM 64-bit servers

Windows

Intel/AMD 64-bit PCs

After downloading:

  1. Unzip the downloaded binary
  2. (macOS/Linux) Make the binary executable: 
    chmod +x ./chkk-mcp-*

Step 2: Configure your Cursor instance to use the Chkk MCP Server

Create (or modify) the .cursor/mcp.json file in your project folder using the binary relevant to your platform. This guide assumes that the unzipped binary is located in the ./bin/ directory of your Cursor project. Update the path if the unzipped binary is located elsewhere.

{
  "mcpServers": {
    "chkk-mcp-stdio": {
      "command": "./bin/chkk-mcp-darwin-arm64",
      "args": ["serve"]
    }
  }
}

Step 3: Start the Server

Cursor will launch the server automatically and prompt you to enable the MCP tool.

Or, if you use your own custom MCP client, you can run it manually as well:

./bin/chkk-mcp serve --mode stdio

Step 4: Run the Prompt

Open Cursor and try a natural-language request:

list risks for cluster k8scl_1234abcd-5678-efgh-9012-3456789abcde

list risks for cluster k8scl_1234abcd-5678-efgh-9012-3456789abcde in category “guardrail”

Cursor will reply with a concise summary of each risk—plus the affected resources—right inside your editor.

Supported categories are guardrail, api-deprecation, and misconfiguration.