Spaces:
Sleeping
Multi-MCP VAPT Pipeline
Ref Post in LinkedIn and comment: https://www.linkedin.com/posts/chsubhasis_vapt-agent-activity-7399454144895467520-yR6I?utm_source=share&utm_medium=member_desktop&rcm=ACoAABIj1NcBQpSiJ5ZDC9YQBBsmL4fDfy7D0LU
This project shows how a Claude SDK agent can orchestrate several MCP servers in one automated flow. Postman MCP handles API discovery, a custom VAPT MCP server performs security tests, and the Gradio app itself exposes an MCP endpoint so the entire workflow can be triggered remotely. The agent generates a full Markdown report, which powers a dashboard and a RAG-based tutor built with Chroma and Nebius embeddings. It’s a compact example of tool chaining, multi-server coordination, async testing tools, and UI-to-MCP bridging. Developers working with MCP pipelines may find this a useful pattern for building domain-specific agents.
I’d appreciate feedback from other MCP builders. Are there better ways to structure multi-server orchestration, handle long-running async tools, or expose UI features as MCP tools? Happy to learn from your approaches.
This covers both #mcp-in-action and #building-mcp tracks.
First, developed AI-powered VAPT agent built with Claude, MCP, and Gradio.
The VAPT Agent is an autonomous system that performs API security testing and generates detailed audit-ready reports.
The same Gradio application was extended to expose an MCP server interface, allowing external AI tools, automation systems, and CI/CD pipelines to call the VAPT engine programmatically.
Consume the same MCP server through streamablehttp_client, and invoke through vapt_agent_run_security_test tool.
Use the tool to generate the API spec and Security report (which can also be generated from the previous Gradio interface).