comeara/sn-mcp

Security Now! MCP Server

A Go-based MCP server for searching Security Now! podcast transcripts. The data set includes 1,000+ episodes spanning over 20 years.

I built this MCP because Security Now! represents a treasure trove of content on the topics of security, privacy, and the evolution of tech in the Internet age. I want that information available to my AI assistant as I iterate on my DiY router and firewall project.

I offer many thanks to Steve and Leo for their dedication to producing Security Now! and ensuring the content remains available free-of-charge.

Features

  • Local-first: SQLite-powered, no external search API needed.
  • FTS5 Search: High-performance full-text search with recency weighting.
  • MCP Compatible: Exposes tools for search, retrieval, and listing episodes.
  • Polite Fetcher: Rate-limited download of transcripts from GRC.com.
  • Minimal dependencies: Only requires modernc.org/sqlite directly.

Getting Started

1. Install

Installation requires Go 1.26 or later. The following command installs the sn-mcp binary to your $GOPATH/bin (typically ~/go/bin).

go install github.com/comeara/sn-mcp@latest

Make sure $GOPATH/bin is in your PATH:

export PATH="$PATH:$(go env GOPATH)/bin"

2. Fetch Transcripts

The fetch command downloads all available transcripts from GRC.com into a local SQLite database, handling as many niggling inconsistencies as I noticed. This is rate-limited to be polite to GRC's servers and takes about 10 minutes on the first run. Subsequent runs only fetch new episodes.

mkdir -p ~/sn-mcp
sn-mcp --db ~/sn-mcp/sn.db fetch

3. Add to Your AI Agent

Register the MCP server with your agent.

Claude Code:

claude mcp add --transport stdio SN -- sn-mcp --db ~/sn-mcp/sn.db serve

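Other MCP clients: add this to your MCP config JSON. A client that starts the command without a shell may pass ~ through unexpanded, so use an absolute path if the database is not found: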

{
  "mcpServers": {
    "SN": {
      "command": "sn-mcp",
      "args": ["--db", "~/sn-mcp/sn.db", "serve"]
    }
  }
}

MCP Tools

  • get_stats(): Returns total episode count, date range, and list of missing episode numbers.
  • search_transcripts(query, [episode], [since], [before], [limit]): Full-text search with snippets and recency boost. Optionally filter by episode number or date range.
  • get_episode(number): Retrieve the full transcript for a specific episode. Warning: transcripts are large (100k+ words).
  • list_episodes([limit], [offset]): List available episodes with pagination.
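
To exercise these tools without an AI client, the stdio exchange can be written by hand. The Go program below is an added example, not code from this repository: it builds the newline-delimited JSON-RPC messages an MCP client sends (handshake, then one search_transcripts call using the argument names listed above) and extracts the text from a reply. The protocol version string, the client name "smoke-test" and the reply shape (MCP's standard tools/call result) are assumptions, not taken from the project.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type obj = map[string]interface{} // a JSON object

// SearchSession returns the lines a client writes to the server's stdin:
// the MCP handshake, then one search_transcripts call.
func SearchSession(query string, episode, limit int) string {
	args := obj{"query": query, "limit": limit}
	if episode > 0 { // optional filter, as in the README's sample calls
		args["episode"] = episode
	}
	hello := obj{"protocolVersion": "2024-11-05", // assumed version string
		"capabilities": obj{},
		"clientInfo":   obj{"name": "smoke-test", "version": "0"}}
	msgs := []obj{
		{"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": hello},
		{"jsonrpc": "2.0", "method": "notifications/initialized"}, // no id: notification
		{"jsonrpc": "2.0", "id": 2, "method": "tools/call",
			"params": obj{"name": "search_transcripts", "arguments": args}},
	}
	var b strings.Builder
	for _, m := range msgs {
		line, _ := json.Marshal(m) // cannot fail: strings, ints and maps only
		b.Write(append(line, '\n'))
	}
	return b.String()
}

// ToolText joins the text blocks of a tools/call reply, or returns an error
// for unparsable JSON, a JSON-RPC error, or a result flagged isError.
func ToolText(line string) (string, error) {
	var r struct {
		Error  *struct{ Message string }
		Result struct{ IsError bool; Content []struct{ Type, Text string } }
	}
	err := json.Unmarshal([]byte(line), &r)
	if err != nil || r.Error != nil || r.Result.IsError {
		return "", fmt.Errorf("tool call failed (parse error: %v): %s", err, line)
	}
	var out []string
	for _, c := range r.Result.Content {
		out = append(out, c.Text) // non-text blocks contribute an empty string
	}
	return strings.Join(out, "\n"), nil
}

func main() { fmt.Print(SearchSession("passkey downgrade attack bypass", 1035, 10)) }
```

Piping the program's output into sn-mcp --db ~/sn-mcp/sn.db serve sends the exchange to the server on stdin; replies come back on stdout, one JSON object per line.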

Example

I asked Claude to review a passkey migration plan against Security Now! content. Claude autonomously searched across episodes, cross-referenced Steve's advice, and flagged gaps in the plan. Here is a lightly edited transcript:

❯ Check my passkey migration plan against Security Now! content and advice.

● SN - search_transcripts (query: "passkey migration TOTP eliminate", limit: 20)
● SN - search_transcripts (query: "YubiKey passkey discoverable credential slots", limit: 20)
● SN - search_transcripts (query: "passkey downgrade attack bypass", episode: 1035, limit: 10)
● SN - search_transcripts (query: "credential exchange protocol passkey export", episode: 997, limit: 10)
  ... 20 searches across 15 episodes ...

Your Plan vs. Security Now! Advice

What Steve Would Approve Of

Three YubiKeys with tiered recovery — SN-973/974 covered exactly this pattern.
Steve endorsed registering multiple keys wherever services allow it.

Eliminating SMS — Steve has railed against SMS-based 2FA for years (SN-834,
835, 742). Your plan to remove recovery phone numbers after enabling passkeys
aligns perfectly.

Things to Watch Out For

1. The "password fallback" problem (SN-965, SN-922) — If a site still supports
   password login, that fallback reduces the system's effective security
   regardless of your passkey setup. Consider disabling password login entirely
   where services allow it.

2. Passkey downgrade attacks are real (SN-1035) — Steve covered an active attack
   where bad actors bypass FIDO2 by tricking users into scanning a QR code that
   initiates a weaker auth flow.

3. Some sites limit passkey enrollment (SN-978) — Some sites only accept a
   single passkey. Your plan assumes you can register multiple keys everywhere —
   that may not always be possible.

4. Passkey portability is still immature (SN-997) — The FIDO Alliance's
   Credential Exchange Protocol will eventually allow exporting passkeys between
   providers. It's not widely deployed yet. YubiKey passkeys cannot be exported.

Claude searched 20 years of transcripts, identified relevant episodes, and produced actionable advice grounded in specific Security Now! content — in under two minutes.

Development

# Build
go build -o sn-mcp .

# Test
go test -v ./...

AI Approach

I authored this project with assistance from Claude Code. The concepts are mine. I reviewed every change. I directed the architecture. Claude wrote much of the code.

License

BSD 2-Clause. See LICENSE.
