Secure Annex MCP server
Investigate browser extension risk, vulnerabilities, and code review findings across Chrome, Edge, and Firefox.
About
Connect Tracecat to Secure Annex to investigate browser extension risk from agents working alongside SOC and IT teams. You can search extensions by name or ID and pull the full risk profile, including permissions, contacted domains, and known vulnerabilities, when triaging a suspicious browser process. From there, agents can review AI-generated security assessments, inspect past code review findings, and decide whether to block, allowlist, or escalate without leaving the case.
Setup
- 1
Create an API key
The Secure Annex MCP server authenticates with a Secure Annex API key passed as the `SECUREANNEX_API_KEY` environment variable. The key is issued from your Secure Annex account and scoped to your tenant's catalog of analyzed extensions.
- 2
Select the
Secure Annextile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theSecure Annextile, and paste your API key. - 3
Enable
Secure Annexin your agentIn your
ai.agentaction orAgents→toolstab, selectSecure Annexfrom theMCP integrationsdropdown.
Tools
search_extensionsFind extensions by name, ID, owner, or other criteria.
get_extension_detailsRetrieve detailed metadata for a specific browser extension.
get_extension_versionsAccess the version history of an extension.
get_extension_vulnerabilitiesIdentify known security vulnerabilities in an extension.
get_extension_signaturesRetrieve security signatures associated with an extension.
get_extension_urlsExtract network domains contacted by an extension.
get_extension_manifest_risksAnalyze permission and manifest-related risks.
get_extension_analysisObtain an AI-powered security assessment of an extension.
get_extension_code_reviewGet a code-level security evaluation of an extension.
get_recent_updatesView extensions that were recently updated in the Secure Annex catalog.