The VI+ MCP Server is a Python-based application designed to fetch and format details about Common Vulnerabilities and Exposures (CVEs) using the Cisco CVM API. It provides a structured and readable summary of CVE data, including risk scores, exploitability, and fixes.
To configure the VI+ MCP Server as an MCP server in VS Code, follow these steps:
-
Open your VS Code settings file (
settings.json). -
Add the following configuration under the
"mcp"key:"mcp": { "servers": { "VI+Bot": { "type": "stdio", "command": "python", "args": [ "/Github/VI-MCP/vi_mcp.py" ] } } }
-
Save the
settings.jsonfile.
- Ensure Python is installed and accessible from your terminal.
- The
.envfile must be present in the project root and contain the required environment variables. - Update the path
/Github/VI-MCP/vi_mcp.pyin the configuration to the correct path on your local system. - If you encounter issues, verify that the path to
vi_mcp.pyis correct and that the file is executable.
For more information on configuring MCP servers in VS Code, refer to the VS Code MCP Server Documentation.
Open-WebUI is a powerful platform that allows you to integrate and expose MCP-based tools through standard OpenAPI endpoints. By using the MCP-to-OpenAPI proxy (mcpo), you can make your MCP server accessible via REST APIs, enabling seamless integration with other tools, services, and workflows. Open-WebUI simplifies deployment, provides auto-generated OpenAPI documentation, and supports interactive exploration of your APIs.
For a detailed guide on getting started with Open-WebUI, refer to the Getting Started with Open-WebUI section.
- Standardized API Access: Expose your MCP server as RESTful APIs, making it easier to integrate with existing systems.
- Interactive Documentation: Automatically generate OpenAPI documentation, accessible via a built-in Swagger UI.
- Scalability and Security: Leverage HTTP-based communication with robust authentication and scalability features.
- Ease of Use: Simplify the deployment process with minimal configuration and no need for custom clients.
To serve the VI+ MCP Server to Open-WebUI using the MCP-to-OpenAPI proxy (mcpo), follow these steps:
-
Clone the repository:
git clone <repository-url> cd VI-MCP
-
Build the Docker image:
docker build -t vi_mcp_server . -
Run the MCP-to-OpenAPI proxy with the Docker container:
uvx mcpo --port 8000 -- docker run -i --rm --env-file .env vi_mcp_server
-
Access the auto-generated OpenAPI documentation at:
http://localhost:8000/docs
For more details on using MCPO with Open-WebUI, refer to the Open-WebUI MCP Documentation.
Learn more about the MCPO project on its GitHub repository.
We recommend using the Gemma 3:12B model with MCP in Open-WebUI. This model is a highly capable multimodal model with a 128K context window, making it ideal for tasks like question answering, summarization, and reasoning. It supports over 140 languages and is optimized for deployment on resource-limited devices.
Key features of the Gemma 3:12B model:
- Multimodal capabilities: Processes both text and images.
- Large context window: 128K tokens for handling extensive input.
- High performance: Excels in reasoning, logic, and summarization tasks.
- Compact design: Runs efficiently on a single GPU.
For more information, visit the Gemma 3:12B model page.
The suggested system prompt for Open-WebUI is available in the SystemPrompt.md file. This prompt provides detailed guidance for configuring the assistant to prioritize Cisco Risk Scores and provide actionable vulnerability insights.
Create a .env file in the project root with the following content:
RISK_TOKEN=your_api_token_hereTo test the API using the test_vi_mcp.py script:
-
Ensure the
.envfile is configured with yourRISK_TOKEN. -
Run the script:
python3 test_vi_mcp.py
-
The script will fetch and display details for a hardcoded CVE ID (
CVE-2023-35078).
This project is licensed under the MIT License. See the LICENSE file for details.
Contributions are welcome! Please submit a pull request or open an issue for any suggestions or improvements.