Orcho MCP Server for Cursor

Risk assessment for AI coding prompts - Automatically analyze your coding requests for security and safety risks before execution.

🚀 Quick Install

Click this link to automatically install in Cursor:

cursor://anysphere.cursor-deeplink/mcp/install?name=orcho&config=eyJuYW1lIjoib3JjaG8iLCJ0eXBlIjoic3RkaW8iLCJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBvcmNob19yaXNrL21jcC1zZXJ2ZXIiXSwiZW52Ijp7Ik9SQ0hPX0FQSV9LRVkiOiJ0ZXN0X2tleV9vcmNob18xMjM0NSJ9fQ==

How to use:

1. Copy the link above
2. Paste it into your browser's address bar and press Enter
3. Cursor will open and automatically configure the MCP server
4. Replace the test API key with your real key (see API Configuration)
5. Restart Cursor to activate
6. Replace the test API key with your real key (see API Configuration)
7. Restart Cursor to activate the MCP server

---

What is Orcho??

Orcho analyzes your coding prompts in real-time to identify potential security risks, dangerous operations, and safety concerns before code is generated or executed.

Features

• 🔍 Real-time Risk Assessment - Analyze prompts using Orcho's risk analysis API
• 📁 Context-Aware - Automatically includes file context for accurate blast radius and complexity analysis
• 🛡️ Security First - Identifies high-risk prompts before execution
• 🔌 Seamless Integration - Works natively with Cursor's Model Context Protocol

---

Installation

Option 1: One-Click Install (Recommended)

Copy and paste this link into your browser:

cursor://anysphere.cursor-deeplink/mcp/install?name=orcho&config=eyJuYW1lIjoib3JjaG8iLCJ0eXBlIjoic3RkaW8iLCJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBvcmNob19yaXNrL21jcC1zZXJ2ZXIiXSwiZW52Ijp7Ik9SQ0hPX0FQSV9LRVkiOiJ0ZXN0X2tleV9vcmNob18xMjM0NSJ9fQ==

This automatically:

• ✅ Configures the MCP server in Cursor
• ✅ Sets up auto-installation via npx
• ⚠️ Next step: Replace the test API key with your real key (see below)
• ⚠️ Then: Restart Cursor

Option 2: Manual Installation

1. Install the package:

   npm install -g @orcho_risk/mcp-server

2. Configure Cursor:

   Create or edit ~/.cursor/mcp.json (Windows: C:\Users\<YourUsername>\.cursor\mcp.json):

   {
     "mcpServers": {
       "orcho": {
         "command": "npx",
         "args": ["-y", "@orcho_risk/mcp-server"],
         "env": {
           "ORCHO_API_KEY": "your-api-key-here"
         }
       }
     }
   }

3. Restart Cursor completely (quit and reopen)

---

API Configuration

Get Your API Key

1. Sign up at app.orcho.ai
2. Navigate to API Settings (Dashboard → API Keys)
3. Create or copy your API key
4. Update your mcp.json file:
   • Location: ~/.cursor/mcp.json (or C:\Users\<YourUsername>\.cursor\mcp.json on Windows)
   • Replace test_key_orcho_12345 with your actual API key

Test API Key

For initial testing, you can use:

test_key_orcho_12345

Note: The test key has limited functionality and rate limits. Get your own API key from app.orcho.ai for production use.

Security Best Practices

• ✅ Store API keys only in ~/.cursor/mcp.json (not in your project)
• ✅ Never commit API keys to version control
• ✅ Rotate keys immediately if accidentally exposed

---

Usage

Manual Assessment

In Cursor chat, type:

@orcho assess_risk: Your prompt here

Automatic Assessment (Recommended)

Enable automatic risk assessment for all prompts by adding a Cursor rule to your project.

Option 1: Project Rules (Modern - Recommended)

Copy the rule file to your project:

# Create .cursor/rules directory
mkdir -p .cursor/rules

# Copy the rule file
cp node_modules/@orcho_risk/mcp-server/.cursor/rules/orcho-risk-assessment.mdc .cursor/rules/

Or manually copy from:

node_modules/@orcho_risk/mcp-server/.cursor/rules/orcho-risk-assessment.mdc

Option 2: Legacy .cursorrules File

Copy the example rules file:

cp node_modules/@orcho_risk/mcp-server/.cursorrules.example .cursorrules

Note: Project Rules (Option 1) are the modern approach and support more features.

---

How It Works

Context-Aware Assessment

Orcho automatically gathers context when available:

• Current File: Detects the file open in your editor
• Other Files: Analyzes which files will be modified by the prompt
• Dependency Graph: Optional project dependency information
• Blast Radius: Calculates impact scope of changes

Example

User: "Delete all user data from the database"
→ Cursor calls: @orcho assess_risk with context
→ Risk: HIGH (score: 95)
→ Cursor warns: "⚠️ HIGH RISK: This could cause data loss. Proceed?"

Tool Parameters

• task (required): The prompt to assess
• current_file (recommended): Path to currently open file
• other_files (recommended): Array of files that will be modified
• dependency_graph (optional): Project dependency graph
• weights (optional): Custom risk calculation weights
• aiignore_file (optional): Path to .aiignore file

---

Troubleshooting

MCP Server Not Loading

1. Check mcp.json location:

   • Mac/Linux: ~/.cursor/mcp.json
   • Windows: C:\Users\<YourUsername>\.cursor\mcp.json

2. Verify Node.js is installed:

   node --version  # Requires v18+

3. Check Cursor Developer Tools:

   • Help → Toggle Developer Tools
   • Look for MCP-related errors in Console

API Errors

• Invalid API Key: Verify the key is correct in mcp.json
• Rate Limits: Check your account quota at app.orcho.ai
• No API Key: The server will use the test key by default (limited functionality)

Still Having Issues?

• Check that Cursor is fully restarted (quit and reopen)
• Verify your API key is valid at app.orcho.ai
• Ensure you have internet connectivity

---

License

MIT

Support

For issues and questions:

• GitHub Issues: [Your Repo URL]
• Orcho Support: [Support URL]