OverlayRiskWitness ships as a Model Context Protocol server, so an AI agent can run a witness, read findings, and trigger a packet without leaving its toolchain. Here is the setup.
The Model Context Protocol (MCP) lets an AI client call external tools through a standard interface. OverlayRiskWitness exposes its witness contract as an MCP server, so an agent can scan a URL and reason over the findings the same way it would call any other tool.
Two transports
You can run the server locally over stdio for a desktop client, or hit the hosted Streamable-HTTP endpoint at POST /mcp. Both expose the same witness tool; the hosted endpoint is stateless and guarded the same way the public /api/witness route is.
{
  "mcpServers": {
    "overlayrisk-witness": {
      "command": "node",
      "args": ["./app/bin/start-mcp.js"],
      "env": { "APP_URL": "https://overlayrisk.com" }
    }
  }
}

Calling the witness tool
The tool takes a public URL and returns the same payload as the REST endpoint: the overlay vendor detected, how many claims were tested, the first finding in full, and a count of the locked findings behind the $49 packet.
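An added example, not OverlayRiskWitness code: a pre-flight check an agent host could run to enforce the "public URL" requirement before it builds the MCP tools/call request for POST /mcp. The tool name `witness` and the argument name `url` are assumptions; the page does not give the tool schema.

```javascript
// Added example (not project code). Assumed: tool name "witness", argument "url".
// Reserved IPv4 ranges an agent should never be steered into scanning.
const RESERVED_V4 = [
  [0x00000000, 8],  // "this network"
  [0x0a000000, 8],  // 10.0.0.0/8
  [0x64400000, 10], // 100.64.0.0/10 carrier-grade NAT
  [0x7f000000, 8],  // loopback
  [0xa9fe0000, 16], // link-local, includes cloud metadata addresses
  [0xac100000, 12], // 172.16.0.0/12
  [0xc0a80000, 16], // 192.168.0.0/16
];

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function isPublicHttpUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  if (u.protocol !== "https:" && u.protocol !== "http:") return false;
  if (u.username || u.password) return false; // no embedded credentials
  // WHATWG URL parsing canonicalises forms like 0x7f.1 or 2130706433 to dotted quads.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[")) return false; // IPv6 literals: reject outright
  if (!host.includes(".")) return false;  // single-label names (localhost, intranet)
  if (/\.(localhost|local|internal)$/.test(host)) return false;
  const ip = ipv4ToInt(host);
  if (ip === null) return true; // a DNS name; the server must still check what it resolves to
  return !RESERVED_V4.some(([net, bits]) => ip >>> (32 - bits) === net >>> (32 - bits));
}

// Build the JSON-RPC body for POST /mcp only after the target passes the check.
function buildWitnessCall(id, targetUrl) {
  if (!isPublicHttpUrl(targetUrl)) throw new Error("refusing non-public URL");
  return {
    jsonrpc: "2.0",
    id,
    method: "tools/call",
    params: { name: "witness", arguments: { url: targetUrl } },
  };
}
```

This check only inspects the URL string; a hostname that resolves to an internal address has to be caught where the page is actually fetched.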
The server is published to the official MCP registry, Glama, and npm, with a hosted Streamable-HTTP endpoint for Smithery. An agent can discover it without any manual wiring.
Because the witness is read-only and never mutates the target site, it is safe to hand to an autonomous agent — the worst it can do is load a public page twice and report what an accessibility engine saw.
The OverlayRiskWitness engineering team builds the two-pass witness runner, the axe-core diff pipeline, and the Risk Packet composer. Every post is grounded in what the engine actually observes on live pages.