Chkk MCP Server
Connect MCP Clients (e.g., Cursor, Claude Desktop) to Chkk Risk Analysis
This is a preview-only version of the Chkk MCP Server. Features and supported platforms will be enhanced as we iterate.
What is the Chkk MCP Server?
The Chkk MCP server lets you use natural language in any MCP client (such as Cursor or Claude Desktop) to:
- List and analyze Operational Risks in your infrastructure
- Fetch all affected resources identified by an Operational Risk so you can prioritize tasks, assign owners and plan effectively.
- Trigger mitigation and remediation workflows
The server authenticates using a machine principal (e.g. Cloud Identity), which must be registered with Chkk. You can add your Cloud Identities to a Chkk Team.
This guide uses Cursor as an example MCP client, but the Chkk MCP server works with any compatible MCP client, including tools like Claude Desktop.
Prerequisites
- Download a supported Chkk MCP Server binary for your platform (see instructions below)
- Access to your Chkk API URL (if unsure, please contact Chkk Support)
Cloud Credentials Required
The Chkk MCP server requires valid cloud account credentials to be configured on your machine. Currently, only AWS is supported. These credentials are used to authenticate with Chkk using presigned STS URLs. Before using the server:
- Verify that your Cloud Machine Identity is registered with Chkk (please contact Chkk Support is assisstance is required)
- Ensure you have valid AWS credentials of the registered Cloud Machine Identity configured locally
If you encounter authentication errors, see the Troubleshooting section.
Step 1: Download the Chkk MCP Server
Download the latest Chkk MCP Server binary for your platform:
After downloading:
- Unzip the downloaded binary
- (macOS/Linux) Make the binary executable:
Step 2: Configure your Cursor instance to use the Chkk MCP Server
Create (or modify) the .cursor/mcp.json
file in your project folder using the binary relevant to your platform.
This guide assumes that the unzipped binary is located in the ./bin/
directory of your Cursor project. Update the path if the unzipped binary is located elsewhere.
Step 3: Start the Server
Cursor will launch the server automatically and prompt you to enable the MCP tool.
Or, if you use your own custom MCP client, you can run it manually as well:
Step 4: Run the Prompt
Open Cursor and try a natural-language request:
list risks for cluster k8scl_1234abcd-5678-efgh-9012-3456789abcde
list risks for cluster k8scl_1234abcd-5678-efgh-9012-3456789abcde in category “guardrail”
Cursor will reply with a concise summary of each risk—plus the affected resources—right inside your editor.
Supported categories are guardrail
, api-deprecation
, and misconfiguration
.