zero-x-cursor
The Zero-X MCP server brings Zero-X security and analysis capabilities directly into your AI coding workflow inside Cursor.
cursor.directory
MCP server: zerox
```json
{
  "type": "stdio",
  "command": "python",
  "args": [
    "-c",
    "import importlib.util,subprocess,sys; pkg_ok = importlib.util.find_spec('zerox_mcp') is not None; pkg_ok or subprocess.check_call([sys.executable,'-m','pip','install','--disable-pip-version-check','--quiet','git+https://github.com/Zero-X-Security/zero-x-cursor-plugin.git']); subprocess.check_call([sys.executable,'-m','zerox_mcp.server'])"
  ],
  "env": {
    "ZEROX_API_KEY": "",
    "ZEROX_BASE_URL": "https://in.zero-x.cloud"
  }
}
```
Rule: zerox.explainFinding
Explain a specific Zero-X finding and provide remediation guidance using the zerox_explain_finding MCP tool.
# Zero-X Explain Finding
Use this command to explain a specific finding reported by a previous Zero-X scan.
When you run this command:
- Ask the user which finding they want to understand, or infer it from the currently selected diagnostic or finding in the editor.
- Extract the `id` of that finding (the `id` field from the Zero-X scan result).
- Call the `zerox` MCP server and invoke the `zerox_explain_finding` tool with:
```json
{
  "finding_id": "<finding-id>"
}
```
Present the explanation returned by Zero-X, including:
- A plain-language description of the issue.
- Why it is a problem in the given context.
- Recommended remediation steps and, if available, a concrete code-level fix.
Offer to apply or adapt the recommended fix to the user’s code, and suggest re-running `zerox.scanFile` or `zerox.scanProject` afterward to verify remediation.
Rule: zerox.scanFile
Run a Zero-X security and analysis scan on the currently active file using the zerox_full_scan MCP tool.
# Zero-X File Scan
Use this command to scan the currently active editor file with Zero-X.
When you run this command:
- Identify the file currently open in the editor.
- Collect:
  - `path`: logical path of the file in the workspace.
  - `content`: full file contents.
  - `language`: optional language hint based on the file type.
- Call the `zerox` MCP server and invoke the `zerox_full_scan` tool with:
```json
{
  "files": [
    {
      "path": "<current-file-path>",
      "content": "<current-file-contents>",
      "language": "<language-or-null>"
    }
  ]
}
```
Display the findings inline for the current file, highlighting the relevant line ranges and summarizing the most severe issues first. Offer to call `zerox.explainFinding` for any specific finding the user wants more detail on.
Rule: Zero-X MCP Security and Analysis Rules
# Zero-X security and analysis best practices
- Always consider running **zerox_full_scan** on generated, added, and modified first-party code, especially in security-sensitive areas (auth, crypto, payments, secrets handling, infrastructure-as-code).
- When running **zerox_full_scan**, provide the full relevant file contents and any important configuration files so Zero-X can produce accurate findings.
- When Zero-X reports issues, prefer using the remediation guidance returned by the tool to fix the code, and clearly explain how the fix addresses the underlying problem.
- After applying fixes based on Zero-X findings, run **zerox_full_scan** again on the affected files or project to verify that all reported issues have been resolved and no new issues were introduced.
- Prioritize remediation of **critical** and **high** severity findings first, then address medium and low severity issues as time permits.
- If the **Zero-X MCP server** is not installed or cannot be started successfully, inform the user and direct them to the official Zero-X MCP and Cursor plugin setup documentation.
Rule: zerox.scanProject
Run a Zero-X security and analysis scan across the current project using the zerox_full_scan MCP tool.
# Zero-X Project Scan
Use this command to scan the current project with Zero-X.
When you run this command:
- Collect a representative set of source files from the workspace (especially security-sensitive areas such as authentication, authorization, cryptography, configuration, and infrastructure-as-code).
- For each file, gather:
  - `path`: logical path of the file in the workspace.
  - `content`: full file contents.
  - `language`: optional language hint (for example, `python`, `typescript`, `javascript`).
- Call the `zerox` MCP server and invoke the `zerox_full_scan` tool with:
```json
{
  "files": [
    {
      "path": "<file-path>",
      "content": "<file-contents>",
      "language": "<language-or-null>"
    }
  ]
}
```
Present the results to the user grouped by file and severity. Prioritize critical and high severity issues first, and offer to explain or remediate individual findings using the `zerox.explainFinding` command.
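The three commands above share one workflow: build the `files` array for `zerox_full_scan` (with a language hint or `null`), pick the security-sensitive files for a project scan, order the returned findings most severe first, and turn the `id` of each finding worth explaining into a `zerox_explain_finding` request. The following Python is an added example of that glue, not code from the Zero-X plugin. It assumes a finding carries `id`, `path`, `severity`, `line` and `message` fields (only `id` is named by the page), uses a constructed sample workspace and constructed sample findings, and treats the extension-to-language map and the "security-sensitive" path markers as assumptions of this example.

```python
"""Prepare zerox_full_scan requests and triage scan results (added example).

The request shapes follow the JSON shown in the zerox.scanFile and
zerox.scanProject commands. Finding fields other than `id` are assumed.
"""
from __future__ import annotations

import json
from pathlib import Path

# Assumed extension -> language hint map. Unknown extensions yield None,
# which serialises to the "<language-or-null>" null in the request.
LANGUAGE_HINTS = {
    ".py": "python", ".ts": "typescript", ".js": "javascript",
    ".go": "go", ".rs": "rust", ".java": "java", ".tf": "hcl",
    ".yml": "yaml", ".yaml": "yaml",
}

# Path fragments taken as "security-sensitive" for project scans (assumption).
SENSITIVE_MARKERS = ("auth", "crypto", "payment", "secret", "config", "infra")

# Remediation order from the rules: critical and high first.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample workspace: {logical path: file contents}.
SAMPLE_WORKSPACE = {
    "src/auth/login.py": "def login(user, pw):\n    return user == 'admin'\n",
    "src/util/strings.ts": "export const trim = (s: string) => s.trim();\n",
    "infra/main.tf": 'resource "aws_s3_bucket" "b" {}\n',
    "README.md": "# demo\n",
}

# Constructed sample findings, deliberately out of severity order.
SAMPLE_FINDINGS = [
    {"id": "f-002", "path": "infra/main.tf", "severity": "medium", "line": 1,
     "message": "sample: bucket has no encryption setting"},
    {"id": "f-001", "path": "src/auth/login.py", "severity": "critical", "line": 2,
     "message": "sample: credential compared against a literal"},
    {"id": "f-003", "path": "src/auth/login.py", "severity": "low", "line": 1,
     "message": "sample: missing type hints"},
]


def language_hint(path: str) -> str | None:
    return LANGUAGE_HINTS.get(Path(path).suffix.lower())


def file_entry(path: str, content: str) -> dict:
    """One element of the `files` array for zerox_full_scan."""
    return {"path": path, "content": content, "language": language_hint(path)}


def build_full_scan_request(files: dict[str, str]) -> dict:
    """zerox_full_scan arguments built from {path: content}, path-sorted."""
    return {"files": [file_entry(p, c) for p, c in sorted(files.items())]}


def is_security_sensitive(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in SENSITIVE_MARKERS)


def select_project_files(workspace: dict[str, str]) -> dict[str, str]:
    """Representative subset for zerox.scanProject: the sensitive paths."""
    return {p: c for p, c in workspace.items() if is_security_sensitive(p)}


def _rank(finding: dict) -> int:
    return SEVERITY_ORDER.get(str(finding.get("severity", "")).lower(), 99)


def triage(findings: list[dict]) -> list[dict]:
    """Most severe first, then by path and line, for stable presentation."""
    return sorted(findings, key=lambda f: (_rank(f), f.get("path", ""), f.get("line", 0)))


def group_by_file(findings: list[dict]) -> dict[str, list[dict]]:
    """Results grouped by file, each file's list ordered by severity."""
    grouped: dict[str, list[dict]] = {}
    for f in triage(findings):
        grouped.setdefault(f["path"], []).append(f)
    return grouped


def explain_requests(findings: list[dict], min_severity: str = "high") -> list[dict]:
    """zerox_explain_finding arguments for findings at or above min_severity."""
    cutoff = SEVERITY_ORDER[min_severity]
    return [{"finding_id": f["id"]} for f in triage(findings) if _rank(f) <= cutoff]


if __name__ == "__main__":
    request = build_full_scan_request(select_project_files(SAMPLE_WORKSPACE))
    print(json.dumps(request, indent=2))
    for path, items in group_by_file(SAMPLE_FINDINGS).items():
        print(path, [(f["severity"], f["id"]) for f in items])
    print(explain_requests(SAMPLE_FINDINGS))
```

Running the module prints the project-scan request for the two sensitive sample files (the `.tf` file gets the `hcl` hint, the `README.md` would get `null`), the findings grouped per file with the critical one first, and the single `zerox_explain_finding` request the high-severity cutoff produces.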