KernelScan
io.kernelscan/kernelscan · v1.0.0 · MCP 2025-11-25
Linux kernel CVE analyzer: upload a .config, get a CycloneDX VEX report of affecting CVEs.
Reachability
reachable
checked 2026-07-14 04:31 UTC
Registry status active
Tools pinned 10
57cce905fa07
Tools last changed
unchanged since first capture 2026-07-14
Provenance
Registry namespace io.kernelscan
(domain verified by the official registry)
Website
https://kernelscan.io
Remote endpoints
https://kernelscan.io/mcp/ (streamable-http)
Observed changes
| When (UTC) | Event | Detail |
|---|---|---|
| 2026-07-14 03:23 | first capture | 10 tools pinned |
Pinned tool definitions (10)
| Tool | Description |
|---|---|
| search_cves | Search Linux kernel CVEs. No API key required: keyless callers get the free public tier — recent high-severity Linux kernel CVEs (capped at 25 results). Free *keyed* callers see only CVEs published in the last... |
| get_cve | Fetch a single Linux kernel CVE by ID (e.g. ``CVE-2024-12345``). No API key required: keyless callers get the public representation of a CVE, but only for CVEs in the public set (recent high-severity); any other... |
| list_products | List the calling user's products with denormalized analysis stats. Paid plans only (basic / pro / enterprise). Free callers get a clear upgrade message. |
| get_product | Fetch one product owned by the caller, including the CVE breakdown. Returns 404 (not 403) if the product belongs to another user, so product existence isn't leaked across accounts. |
| get_product_vex | Return the CycloneDX 1.6 VEX document for one of the caller's products. Reads from the 24h ProductVexCache; if the cache is empty/expired the next call to ``get_product`` (or the REST endpoint) will regenerate it. |
| create_product | Create a new product, run analysis, and return its initial stats. ``config_upload_id`` references a previously-staged .config that the caller POSTed to ``/api/configs/uploads`` over plain HTTP — the LLM does NOT... |
| update_product | Update a product owned by the caller. Re-runs analysis if the kernel_version, arch, or referenced .config changed. To change the .config, first POST the new file to ``/api/configs/uploads`` (see... |
| whoami | Return the caller's identity, plan, and quota state. Works without an API key: keyless callers get a lightweight public-tier payload (no account) describing how to request access. |
| request_access | Request an invitation to KernelScan from inside MCP (no API key needed). Use this when a keyless caller wants the full service. It records an invitation request and emails a confirmation; an admin reviews it and, ... |
| submit_support_report | Send a support / dispute report to KernelScan staff. Use this when an automated CVE or factor assessment looks wrong, or when you need to hand human-needed context back to the team. The caller's API-key user is... |
Status badge
[](https://toolpin.dev/servers/io.kernelscan/kernelscan)
Maintain this server? Add the badge to your README — it links your users to this live status page.