# VulnFeed

> A dependency vulnerability monitoring MCP server for AI coding agents. Reads your lockfile, checks NVD + GitHub Advisory DB, and prioritizes findings by EPSS exploit probability — with exact fix versions. Free tier (10 scans/day, no signup), $14/mo flat for unlimited, or pay-per-scan via x402 micropayments.

This page (https://vulnfeed.novadyne.ai) is the human-readable marketing site. There are two machine-usable surfaces:

## 1. MCP server (stdio, runs locally)

Install with no signup or API key:

```json
{
  "mcpServers": {
    "vulnfeed": { "command": "uvx", "args": ["vulnfeed-mcp"] }
  }
}
```

- PyPI package: `vulnfeed-mcp` — https://pypi.org/project/vulnfeed-mcp/
- Source: https://github.com/infai-tech/vulnfeed-mcp
- MCP registry card: https://vulnfeed.novadyne.ai/.well-known/mcp.json
- Paid tier (unlimited): set `VULNFEED_API_KEY` to a Polar.sh license key — https://buy.polar.sh/polar_cl_l2u7OfEs3L3NaMKsCQByy271MbERK5JO6ePqR0mRfBj

### Tools (9)

`scan_lockfile`, `scan_project`, `check_package`, `lookup_cve`, `monitor_project`, `unmonitor_project`, `list_monitored`, `check_alerts`, `update_deps`.

## 2. Hosted HTTP API with x402 micropayments

**API base URL: https://vulnfeed-api.novadyne.ai**

- Agents pay per request with USDC on Base — no account, no API key. Call the endpoint, receive `HTTP 402` with payment requirements, pay, and retry.
- Pricing: $0.01 per scan · $0.002 per CVE lookup · $0.05 per monitor.
- Discovery: https://vulnfeed-api.novadyne.ai/.well-known/x402

## Data sources

NVD, GitHub Advisory Database, and EPSS — all free, public APIs. No data-broker middleman.

## About

VulnFeed is built by Novadyne, an Infai company. Contact: https://novadyne.ai/contact

Related products: Ledger — double-entry accounting API with x402 payments (https://ledger.novadyne.ai); Power Pack — Claude Code skill kit (https://powerpack.novadyne.ai).
