MCP server

Use OverlayRiskWitness in Claude, Cursor, or any MCP client

OverlayRiskWitness ships a Model Context Protocol server, so an AI agent can run a vendor-independent before/after overlay scan and read the finding summary without leaving your editor or chat. Two ways to connect: the hosted HTTP endpoint, or the npm stdio server.

OverlayRiskWitness is live as an MCP server at https://overlayrisk.com/mcp and via npx -y @overlayrisk/mcp. Give it one public page URL, run that page with the overlay active and then blocked, and keep the timestamped before/after finding summary tied to that same route. If a score or statement says the page is fine, this is the step that checks what actually changed on the page. Evidence documentation, not legal advice.

Hosted endpoint (Streamable HTTP)

Point any MCP client that speaks Streamable HTTP at the hosted endpoint. It is a stateless transport, guarded the same way as the public witness API, and JSON-RPC batch requests are rejected — send one request at a time.

POST https://overlayrisk.com/mcp
List tools over HTTP
curl -s https://overlayrisk.com/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

npm stdio server

Prefer a local process? The same server runs over stdio via npm, which is what Claude Desktop launches for you. No install step required — npx fetches and runs it on demand.

Claude Desktop — claude_desktop_config.json
{
  "mcpServers": {
    "overlayrisk-witness": {
      "command": "npx",
      "args": ["-y", "@overlayrisk/mcp"]
    }
  }
}

Cursor

In Cursor, add the hosted endpoint to your MCP settings (Settings → MCP → Add new server), or drop this into your .cursor/mcp.json:

.cursor/mcp.json
{
  "mcpServers": {
    "overlayrisk-witness": {
      "url": "https://overlayrisk.com/mcp"
    }
  }
}

Tools the server exposes

witness_page

Runs the free one-page witness for a public URL — loads the page with the overlay on, then off, runs axe-core both times, and returns the before/after finding summary. Same contract as POST /api/witness.

url (string) — the public page to witness

The MCP tool runs the free, no-signup witness — one page, one before/after finding. Full multi-page Risk Packets, Drift Monitor, and Agency Watch are purchased in the dashboard.

Where it's listed

Official MCP registry
Listed as overlayrisk-witness for discovery by MCP-aware clients.
Glama
Indexed on the Glama MCP directory.
Smithery
Publication pending; the hosted endpoint is already live and usable directly.
Source
github.com/mertcanvural/overlayrisk

Not using an agent? You can run the same witness from the web app — one page free, no signup. Results from the MCP tool are evidence documentation, not legal advice.