Anthropic Claude Code Plugin

The Aikido MCP Plugin connects Aikido’s security engine to AI coding tools. It automatically scans AI-generated code for vulnerabilities and hardcoded secrets as soon as it is created.

AI assistants can review their own output, but that review is not perfect. Aikido adds a reliable and consistent security layer that checks every generated snippet with proven scanning rules.

Why use Aikido MCP

  • Deterministic, independent security checks on every AI-generated snippet before it is committed

  • Immediate detection and remediation of vulnerabilities and hardcoded secrets in AI-assisted workflows

  • Real-time feedback, making AI-driven development safer by default

Installation for Claude Code CLI

1. Create a Personal Access Token

In Aikido, go to Settings → Integrations → IDE → MCP.

Create a Personal Access Token (PAT) and copy it to a secure location.

2. Install the Aikido Plugin

The Aikido Claude Code plugin is installed from the Claude Code CLI.

  • Open a terminal and run claude.

  • Install the plugin from the Claude Plugins Marketplace:

    • /plugin install aikido@claude-plugins-official

  • After installation, run /reload-plugins to activate the plugin.

  • A restart of Claude Code CLI is needed to load the skills. You can exit Claude Code CLI by typing exit.

  • After you've started Claude Code again, run the setup skill with the previously generated PAT:

    • /aikido:setup your-PAT-here

By default, this saves the PAT to your Claude Code user settings and registers the MCP server automatically.

3. Finished

The Aikido Claude Plugin is now available in Claude Code.

Scanning code

  • "Use Aikido to scan this file for security issues"

  • "Run an Aikido scan on my staged changes to check for secrets before I commit"

  • "Scan the files I just edited with Aikido and link them to the payments-api repo"

Reviewing issues by repo

  • "Show me all critical Aikido issues in payments-api"

  • "List any leaked secrets in frontend-web from Aikido"

  • "What open source vulnerabilities does Aikido see in api-gateway?"

  • "Show SAST and IaC issues in infra-core from Aikido"

Reviewing issues by cloud, VM, or container

  • "List all Aikido cloud issues in prod-aws"

  • "Show malware findings on web-server-01 from Aikido"

  • "What end-of-life software is running in the nginx-proxy container per Aikido?"

  • "Show me surface monitoring issues for example.com in Aikido"

Combined workflows

  • "Use Aikido to scan my current changes, then show existing critical issues in the same repo"

  • "Check this PR with Aikido and compare against open SAST issues in the repo"

Use an environment variable instead of Claude settings

If you do not want to store the token in your Claude Code settings file, set AIKIDO_API_KEY in your system environment before starting Claude Code.
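One way to do this without typing the token on a command line, where it can end up in shell history, is to keep it in a private file and export it just before launching Claude Code. This is an added example, not part of Aikido's documentation; the file path ~/.config/aikido/pat and the function names are assumptions, and only AIKIDO_API_KEY and the claude command come from this page.

```shell
#!/bin/sh
# Added example: load the Aikido PAT from a private file into AIKIDO_API_KEY.
# The default path and all function names are assumptions, not Aikido's own.
AIKIDO_TOKEN_FILE="${AIKIDO_TOKEN_FILE:-$HOME/.config/aikido/pat}"

# Succeeds only for a regular, non-symlink file with no group/other permission bits.
token_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Exports AIKIDO_API_KEY from the token file.
# Returns non-zero and exports nothing if the file is too open or empty.
load_aikido_key() {
    file="${1:-$AIKIDO_TOKEN_FILE}"
    if ! token_file_is_private "$file"; then
        echo "refusing $file: must be a regular file with mode 600 or stricter" >&2
        return 1
    fi
    # First line only; strip carriage returns and surrounding whitespace.
    key=$(head -n 1 "$file" | tr -d '\r' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    if [ -z "$key" ]; then
        echo "refusing $file: token is empty" >&2
        return 1
    fi
    AIKIDO_API_KEY=$key
    export AIKIDO_API_KEY
    unset key
}

# Start Claude Code with the token in its environment.
start_claude_with_aikido() {
    load_aikido_key && command claude "$@"
}
```

Source this file from your shell profile and run start_claude_with_aikido in place of claude.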

Troubleshooting

If the setup skill fails to start the MCP server, check the troubleshooting guide.
