Run domain and service recon to assess network exposure and security signals.
This MCP tool is positioned for network reconnaissance queries. It requires no credentials and is listed in the official registry with open-source code, which improves auditability. Its main security surface appears to be the normal capability of this tool class: local execution and outbound queries to target networks, so it is better rated as caution rather than high risk.
The material explicitly states that no keys or environment variables are required. No API tokens, account passwords, or other sensitive credentials are requested, so credential exposure or abuse risk appears low from the provided facts.
The description shows functionality for DNS, WHOIS, TLS, and HTTP header reconnaissance, which implies outbound network requests to user-specified targets and transmission of query data to relevant network services. No fixed remote endpoint or unknown data sink is declared, but network egress is a core capability here, so inputs should not contain sensitive data.
The objective checks already mark this tool as executes-code, meaning it runs locally as an MCP process and performs its probing logic. The provided material does not show requests for unusual system privileges or actions unrelated to its stated purpose, so this is a standard execution capability for this tool category.
The material only describes network reconnaissance capabilities and does not state any need to read/write local files, access databases, browser data, or other local sensitive resources. Based on the available information, there is no clear sign of excessive data access.
The source is an official registry entry, with an open-source repository and updates within the last year, all of which are positive signals. However, the lack of a README, no declared license, and very low community adoption (0 stars) reduce transparency and ecosystem validation. Overall, supply-chain risk appears manageable but still warrants code and dependency review.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "io.github.nan786521/recon-kit-mcp" MCP server from askskill: Run: claude mcp add 'io-github-nan786521-recon-kit-mcp' -- npx -y recon-kit-mcp
Run safe bug bounty recon and organize manual testing evidence and plans.
Query DNS, SSL, WHOIS, and email security intelligence with NetIntel.
Run local DNS security checks, DNSSEC validation, and email security audits.
Run passive, subdomain, vulnerability, and OSINT reconnaissance with reconFTW tools.
Inspect domain WHOIS, DNS, certificates, security posture, and reputation signals.
Perform DNS reconnaissance and asset discovery through natural language requests.