api

Remote MCP Setup

Connect Claude Code, Codex, and other MCP clients to the hosted Risky Plugins remote MCP service.

RiskyPlugins Team
Version v1
#mcp#remote-mcp#claude-code#codex

Remote MCP Setup

Risky Plugins exposes a hosted remote MCP endpoint so your agent can query extension risk intelligence without running a local scanner.

What you get

  • Hosted SSE MCP transport
  • API-key authentication
  • Per-plan quotas and premium tool gating
  • Usage and audit history in your profile
  • Stripe-backed upgrades for Basic and Pro plans

Endpoint 

https://api.riskyplugins.com/api/v1/mcp

Your own profile page shows the exact endpoint configured for your environment under Profile -> Remote MCP.

Authentication

Generate an API key from Profile -> API Keys and send it on every MCP request:

Authorization: Bearer YOUR_API_KEY

Remote MCP access is enabled on the key automatically when you create it from the profile UI.

Claude Code example

Use the hosted SSE endpoint and the API key you generated from the profile page:

{
	"mcpServers": {
		"riskyplugins": {
			"type": "sse",
			"url": "https://api.riskyplugins.com/api/v1/mcp",
			"headers": {
				"Authorization": "Bearer YOUR_API_KEY"
			}
		}
	}
}

Codex example

Any MCP client that supports remote SSE transport can use the same endpoint and header pattern:

{
	"mcpServers": {
		"riskyplugins": {
			"transport": "sse",
			"url": "https://api.riskyplugins.com/api/v1/mcp",
			"headers": {
				"Authorization": "Bearer YOUR_API_KEY"
			}
		}
	}
}

Plans

  • Free: remote MCP enabled, lower daily quota, no premium tools
  • Basic: higher quota, more API keys, longer audit retention
  • Pro: premium MCP tools, larger quota, longer retention
  • Enterprise: contact sales for custom deployment or private access

The public pricing page lives at Pricing.

The profile billing page opens hosted Stripe Checkout for Basic and Pro, and the Stripe billing portal for subscription management.

What is billed

Billable MCP operations currently include:

  • tools/call
  • resources/read

Session initialization and tool listing are not billed.

Operational notes

  • Rate limits are enforced per API key.
  • Audit history retention depends on your plan.
  • Premium tools are hidden automatically when the key’s plan does not allow them.

Troubleshooting

If your client receives 401 Unauthorized:

  • verify that the API key was copied in full
  • verify the request is sending Authorization: Bearer ...
  • verify the key has not been revoked

If your client receives 403 Forbidden:

  • verify the key includes remote MCP access
  • verify the requested tool is available on your current plan

If your client receives 429 or a quota error:

  • review usage under Profile -> Remote MCP
  • upgrade the plan under Profile -> Billing
Back to Documentation