I built an MCP server so Claude Code stops hallucinating SVG icons

Shouvik Mukherjee — Sun, 05 Apr 2026 10:05:35 +0000

Every time I ask Claude, Cursor, or Windsurf to add icons to my UI, I get hallucinated SVGs — paths that look almost right but are slightly off. Misaligned strokes, weird proportions, icons that don't match any real design system.

So I built Animotion — an open-source MCP server that gives AI coding tools access to:

745 CSS3 animations (entrance, exit, attention, loaders, 3D transforms, and 15 more categories)
9,000+ real SVG icons from Lucide, Heroicons, Tabler, and Bootstrap
10 MCP tools including search_animations, get_icon, suggest_animation, and more

Zero-clone setup

{
  "mcpServers": {
    "animotion": {
      "command": "npx",
      "args": ["-y", "animotion-mcp"]
    }
  }
}

Paste that into your Claude Code / Cursor / Windsurf MCP config. That's it. No repo clone, no npm install, no paths.

Your AI agent can now:

search_icons("shopping cart") and get a real Lucide/Heroicons SVG
search_animations("fade in") and get production-ready CSS
suggest_animation("modal appearing with bounce") and get the best match

Also works as a traditional CSS library

Don't use AI tools? The animations work as plain CSS classes too:

<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/animotion-mcp/animotion-mcp.github.io@v1.0.0/css/animotion.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/animotion-mcp/animotion-mcp.github.io@v1.0.0/css/keyframes.css">

<div class="animotion-fade-in">Hello World</div>

Why 87% of Indian SMBs Have Zero Cybersecurity — And What We're Building to Fix It

Shouvik Mukherjee — Sat, 04 Apr 2026 19:15:45 +0000

I've been in cybersecurity for 18 years. I've seen enterprise security from the inside — the ₹50 lakh annual contracts, the 6-month implementation timelines, the compliance theater. But when I started scanning Indian SMB infrastructure last year, what I found was genuinely shocking.

The numbers:

78% of Indian SMB websites have broken or misconfigured SSL
91% are missing basic security headers entirely
62% run software with known published CVEs
37% have admin panels accessible from the public internet

These aren't exotic zero-days. These are configuration basics that take minutes to fix — once you know they exist.

The Real Problem Isn't Awareness

Every founder I talk to knows cybersecurity matters. They've read about the ₹22 crore average breach cost (IBM 2025). They know about the DPDP Act and its ₹250 crore penalty ceiling. The problem isn't awareness — it's access.

Here's what the cybersecurity market looks like for an Indian SMB with ₹5 crore annual revenue:

Service	Typical Cost	Timeline
Manual VAPT engagement	₹40,000 – ₹8,50,000	2-4 weeks
Enterprise SIEM	₹15,000 – ₹50,000/month	3-6 months to implement
Compliance consultant (ISO 27001)	₹5,00,000 – ₹10,00,000	6-12 months
CISO hire	₹30,00,000 – ₹60,00,000/year	Good luck finding one

The rational response? Skip it entirely and hope for the best.

What We're Building

Bachao.AI is an AI-native end-to-end cybersecurity platform built specifically for this gap. Not a single tool — a full platform with 20+ products:

Detection & Testing:

AI VAPT Scanner (free first scan, ₹4,999 report)
API Security (REST + GraphQL)
Mobile App Security (iOS/Android)
Attack Surface Management
Secret Scanning

Monitoring & Response:

Dark Web Monitoring
MSSP-Lite (SOC-as-a-Service)
Incident Response
RASP Protection

Compliance & Governance:

DPDP Act 2023 Readiness Assessment
SEBI CSCRF Audit
Compliance Automation
Consent Manager SDK
vCISO AI Copilot

Offensive Security:

Red Team / Breach & Attack Simulation
Cyber Forensics

Consumer Protection:

Deepfake Detection
UPI QR Scanner

The Technical Architecture

For the engineers here — a few decisions we made early:

Scan isolation: Every scan runs in a Firecracker microVM — the same isolation technology AWS Lambda uses. No scan can affect another customer's environment or our own infrastructure.

Report generation: We use Claude API for contextual vulnerability analysis. Raw scanner output gets transformed into actionable, business-context reports with specific remediation steps — not generic "update your software" advice.

Data security: AES-256 encryption, 90-day default purge cycle. We don't want to be the cybersecurity company that gets breached because we hoarded customer scan data.

The Pricing Bet

Our bet is simple: if you make the entry point free and the paid tier affordable, Indian SMBs will adopt cybersecurity at scale.

Free scan: Summary report, risk score, top findings. 2-hour delivery.
₹4,999: Full vulnerability report with CVSS scoring, OWASP mapping, evidence screenshots
₹9,999: Everything above plus remediation — actual fixes, not just recommendations

That's 99% cheaper than the enterprise equivalent. We're not competing with CrowdStrike or Palo Alto. We're competing with "do nothing" — which is what 87% of Indian SMBs currently choose.

DPDP Act — The Clock Is Ticking

The Digital Personal Data Protection Act enforcement begins May 13, 2027. No grace period. Penalties up to ₹250 crore per contravention. And it applies to every business that processes personal data — regardless of size.

Every finding in our reports auto-maps to Schedule I technical safeguards. When the Data Protection Board asks "what reasonable security measures did you have in place?" — our customers have a timestamped, evidence-backed answer.

Where We Are Today

Bootstrapped, solo founder (me + COO Amit Kumar Poreli)
DPIIT recognized startup (CIN: U62099WB2025PTC275605)
20+ products live on the platform
Regulatory coverage: RBI IT Framework, DPDP Act 2023, SEBI CSCRF

If you're an Indian startup or SMB that's never run a security scan — try Bachao.AI. The first scan is free and takes 2 hours.

If you're a developer building SaaS products — I'd love to hear what security tooling gaps you face. Drop a comment.

I'm Shouvik Mukherjee, founder of Bachao.AI. Previously Principal Engineer, TEDx speaker. Building from India for Indian businesses.

DEV Community: Shouvik Mukherjee