MCP Configs · May 13, 2026 · 2 min read

MCP ZAP Server — OWASP ZAP for Agents (Safe)

MCP ZAP Server exposes OWASP ZAP through MCP with operator guardrails (auth, policies, scopes) and Docker Compose setup for guided scans and reports.

Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Needs Confirmation · 62/100 · Policy: confirm

  • Agent surface: Any MCP/CLI agent
  • Kind: MCP
  • Install: Docker | Compose | Helm
  • Trust: Established
  • Entrypoint: ./bin/bootstrap-local.sh
  • Universal CLI install command: npx tokrepo install e33a3398-1329-5624-9bf8-388c7e11bc56

Intro

Best for: teams who want agentic web scanning with operator-controlled defaults

Works with: Docker + Compose, MCP clients (Cursor example), Open WebUI client (bundled)

Setup time: 10-20 minutes

Key facts (verified)

  • GitHub: 53 stars · 9 forks · pushed 2026-05-13.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-verified entrypoint: ./bin/bootstrap-local.sh.

Main

  • Use the supported local happy path: bootstrap → dev → self-serve doctor (README explains what each script does).

  • Keep the default bind safe: README notes the Compose stack publishes host ports on 127.0.0.1 by default and warns about exposing them on 0.0.0.0.

  • For agent clients, configure the MCP endpoint (/mcp) and use the Cursor config example that the README links.

Source-backed notes

  • README Quick Start lists ./bin/bootstrap-local.sh, ./dev.sh, and ./bin/self-serve-doctor.sh as the supported local flow.
  • README states the Open WebUI UI is at http://localhost:3000 and the MCP endpoint at http://localhost:7456/mcp.
  • README links a Cursor config example at examples/cursor/mcp.json.

FAQ

  • Is it affiliated with OWASP? No — README includes a note that it is not endorsed by OWASP/ZAP.
  • Do I need Kubernetes? No — README says Docker Compose is the easiest install; Helm is for Kubernetes.
  • Where is the MCP endpoint? README lists http://localhost:7456/mcp for host-side clients.

Source & Thanks

  • Source: https://github.com/dtkmn/mcp-zap-server
  • License: Apache-2.0
  • GitHub stars: 53 · forks: 9
