OpenAI Codex CLI MCP

The Aikido MCP Server connects Aikido’s security engine to AI coding tools that support MCP. It automatically scans AI generated code for vulnerabilities and hardcoded secrets as soon as it is created.

AI assistants can review their own output, but that review is not perfect. Aikido adds a reliable and consistent security layer that checks every generated snippet with proven scanning rules.

Why connect Aikido via MCP

Deterministic, independent security checks on every AI generated snippet before it is committed
Immediate detection and remediation of vulnerabilities and hardcoded secrets in AI assisted workflows
Real time feedback inside your IDE or agent environment, making AI driven development safer by default

Available Tools

aikido_full_scan: Runs a combined SAST + Secrets scan on provided files.
aikido_sast_scan: Runs a local SAST (static application security testing) scan on provided files
aikido_secrets_scan: Runs a secrets-only scan on provided files

Installation

Create a personal access token

In Aikido, go to Settings → Integrations → IDE → MCP

Create a Personal Access Token.

Install the Aikido MCP server

codex mcp add aikido \
  --env AIKIDO_API_KEY=YOUR_TOKEN \
  -- npx -y @aikidosec/mcp

Replace YOUR_TOKEN with the token from the previous step.

Add the Aikido rule to Global AGENTS file

Create the codex directory if it doesn't exist yet.

mkdir -p ~/.codex/skills

Download the Aikido rule and add it to ~/.codex/skills/aikido-rule.txt.

curl -fsSL "https://gist.githubusercontent.com/kidk/aa48cad6db80ba4a38493016aae67712/raw/3644397b7df43423e3da06434491b40bbb79dd47/aikido-rule.txt" \
  -o ~/.codex/skills/aikido-rule.txt

Finished

Aikido MCP is now available in Codex CLI.

Restart Codex CLI if it was open.

Last updated 2 months ago

Was this helpful?

hashtagAvailable Tools

hashtagInstallation

hashtagCreate a personal access token

hashtagInstall the Aikido MCP server

hashtagAdd the Aikido rule to Global AGENTS file

hashtagFinished