diff --git a/README.md b/README.md index 53f3739..8ad6450 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ JFrog plugin for [Cursor](https://cursor.com): artifact management, security sca - **Official skills.** The plugin now uses the official [jfrog-skills](https://github.com/jfrog/jfrog-skills) v0.11.0, replacing the previously bundled skill content. This brings structured reference files, automation scripts, and a three-tier tool selection strategy (MCP, CLI, REST/GraphQL). - **Package safety skill.** New `jfrog-package-safety-and-download` skill for checking whether packages are safe, curated, or allowed before downloading them through Artifactory. +- **Built-in `jfrog` MCP** routed through `@jfrog/agent-guard`. **Breaking:** the previous `JFROG_PLATFORM_URL` env var (host-only, e.g. `mycompany.jfrog.io`) is replaced by `JFROG_URL`, which **must include the scheme** (e.g. `https://mycompany.jfrog.io`). Carrying over the old host-only value will produce a silently-broken endpoint URL — re-export the variable with `https://` before relaunching Cursor. See [Authentication](#authentication). --- ## Features 
@@ -52,12 +53,16 @@ Use either the marketplace link from the [Configure Cursor](https://docs.jfrog.c | Variable | Description | | --- | --- | -| `JFROG_PLATFORM_URL` | Your JFrog platform URL, e.g. `mycompany.jfrog.io` | +| `JFROG_URL` | Your JFrog platform URL **including the scheme**, e.g. `https://mycompany.jfrog.io`. A host-only value (e.g. `mycompany.jfrog.io`) will produce a malformed endpoint and the MCP will fail to connect. | | `JFROG_ACCESS_TOKEN` | Your JFrog access token | +> **Upgrading from a pre-v0.5.0 plugin?** The old `JFROG_PLATFORM_URL` (host-only) is gone — re-export your URL as `JFROG_URL` with `https://` in front of the host. + +The built-in `jfrog` MCP launches `npx @jfrog/agent-guard` and reads both `JFROG_URL` and `JFROG_ACCESS_TOKEN` from the launching shell, so make sure they're exported in the shell that starts Cursor. + ### 2. Configure the JFrog CLI -Run `jf login` for browser-based setup, or set the `JFROG_ACCESS_TOKEN` environment variable. MCP-based workflows authenticate via OAuth and require no additional configuration. +Run `jf login` for browser-based setup, or set the same `JFROG_ACCESS_TOKEN` from step 1. --- diff --git a/plugins/jfrog/.cursor-plugin/plugin.json b/plugins/jfrog/.cursor-plugin/plugin.json index e24c846..5752f7e 100644 --- a/plugins/jfrog/.cursor-plugin/plugin.json +++ b/plugins/jfrog/.cursor-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "jfrog", "displayName": "JFrog Platform", - "version": "0.5.4", + "version": "0.5.5", "description": "JFrog Platform integration with MCP, security skills, supply-chain best practices, and JFrog Agent Guard governance for adding, removing, and listing MCP servers.", "author": { "name": "JFrog", diff --git a/plugins/jfrog/README.md b/plugins/jfrog/README.md index 3f2b254..9d2e91e 100644 --- a/plugins/jfrog/README.md +++ b/plugins/jfrog/README.md 
@@ -8,18 +8,28 @@ JFrog Platform integration for Cursor — artifact management, security scanning 2. An admin must **enable the JFrog MCP Server** on the platform (Cloud/SaaS only): - Navigate to **Administration > General > Settings** in the JFrog UI. - Toggle the **MCP Server** option ON and save. -3. Set the `JFROG_PLATFORM_URL` environment variable to your JFrog instance (e.g., `mycompany.jfrog.io`). -4. **JFrog CLI** (`jf`) is used by the skills for authentication and REST/GraphQL API operations. If missing, the agent will attempt to install it. You can also install manually via `brew install jfrog-cli` or the [official install script](https://jfrog.com/help/r/jfrog-cli/install-the-jfrog-cli). +3. Set the `JFROG_URL` (full URL, e.g. `https://mycompany.jfrog.io`) and `JFROG_ACCESS_TOKEN` environment variables — the built-in `jfrog` MCP needs both at launch. +4. **Node.js** (≥ 14) — with `npx` on your `PATH` (used to launch `@jfrog/agent-guard`). +5. **JFrog CLI** (`jf`) is used by the skills for authentication and REST/GraphQL API operations. If missing, the agent will attempt to install it. You can also install manually via `brew install jfrog-cli` or the [official install script](https://jfrog.com/help/r/jfrog-cli/install-the-jfrog-cli). -CLI authentication options: run `jf login` for browser-based setup, or set the `JFROG_ACCESS_TOKEN` environment variable. MCP-based workflows authenticate via **OAuth** and require no additional configuration. +CLI authentication options: run `jf login` for browser-based setup, or set the same `JFROG_ACCESS_TOKEN` from step 3. ## Included | Component | Path | Description | |---|---|---| -| **MCP** | `mcp.json` | Remote JFrog MCP server (OAuth, no API keys) | +| **MCP** | `mcp.json` | Built-in JFrog MCP routed through `@jfrog/agent-guard` to `${JFROG_URL}/mcp` (server name: `jfrog`). Always available, not subject to AI Catalog policy — see [JFrog MCP](#jfrog-mcp). 
| | **Hook** | `hooks/hooks.json` | Agent Guard — MCP server governance via JFrog AI Catalog | +### JFrog MCP + +The plugin ships a built-in `jfrog` MCP registered in `mcp.json`. Cursor +launches it automatically as `npx @jfrog/agent-guard` with +`_JF_ARGS=mcp=jfrog-mcp`. agent-guard recognizes that shape, skips the AI +Catalog, and connects directly to `${JFROG_URL}/mcp` with +`Authorization: Bearer ${JFROG_ACCESS_TOKEN}` (both env vars are listed +under [Prerequisites](#prerequisites)). + ### Skills | Skill | Triggers when you mention... | diff --git a/plugins/jfrog/mcp.json b/plugins/jfrog/mcp.json index a89f5dd..b0c9447 100644 --- a/plugins/jfrog/mcp.json +++ b/plugins/jfrog/mcp.json @@ -1,7 +1,15 @@ { "mcpServers": { "jfrog": { - "url": "https://${JFROG_PLATFORM_URL}/mcp" + "command": "npx", + "args": [ + "--yes", + "--registry", "https://releases.jfrog.io/artifactory/api/npm/coding-agents-npm", + "@jfrog/agent-guard" + ], + "env": { + "_JF_ARGS": "mcp=jfrog-mcp" + } } } } diff --git a/plugins/jfrog/templates/jfrog-mcp-management.md b/plugins/jfrog/templates/jfrog-mcp-management.md index c2232e0..73095b5 100644 --- a/plugins/jfrog/templates/jfrog-mcp-management.md +++ b/plugins/jfrog/templates/jfrog-mcp-management.md @@ -55,6 +55,12 @@ STOP — do NOT run the command with guesses. ## Adding an MCP +**Note — built-in `jfrog`:** the bundled `jfrog` entry +(`_JF_ARGS=mcp=jfrog-mcp`, bypasses the catalog) is NEVER installed, +inspected, or edited via this flow. For catalog-managed tool policy +on JFrog, install the catalog version under a DIFFERENT `mcpServers` +key (e.g., `jfrog-catalog`) so it coexists with the built-in. + **Did the user name a specific MCP package?** ("add `foo-mcp`", "install `@scope/bar`"). If NOT — they said something like "yes", "add an MCP", "what can I install" — your FIRST action is to show 
@@ -290,6 +296,9 @@ Outcomes: ## Removing an MCP +**Note — built-in `jfrog`:** removal is only via uninstalling the +`jfrog` plugin from Cursor; never delete it from the bundled `mcp.json`. + 1. Delete the entry from `mcpServers` in the file it was installed in (`.cursor/mcp.json` or `~/.cursor/mcp.json`). 2. If OAuth was used (Step 5), also remove its entry from @@ -305,7 +314,7 @@ touching any file or shell: | User said… | Run | | --- | --- | -| "available", "what can I install", "what's in the catalog", "list MCPs" without other context | **Available to install** below — go straight to `--list-available`; do NOT inspect local files first | +| "available", "what can I install", "what's in the catalog", "list MCPs", "what MCPs can I use", "which MCP servers can I use" without other context | **Available to install** below — go straight to `--list-available`; do NOT inspect local files first | | "installed", "configured", "connected", "running", "what MCPs do I have" | **Currently installed** below | | ambiguous / both | run **both** subsections in order: Currently installed first, then Available to install, and present them as separate tables | @@ -326,7 +335,9 @@ elsewhere. and whose `args` include `@jfrog/agent-guard`, show: display name (the JSON key), package (`mcp=` in `_JF_ARGS`), server ID (value after `--server`), scope (project / user). -3. If a configured entry does not appear in `cursor agent mcp list`, +3. The bundled `jfrog` entry (`_JF_ARGS=mcp=jfrog-mcp`) is reported + with `scope: plugin (jfrog)`, `package: jfrog-mcp (bundled)`. +4. If a configured entry does not appear in `cursor agent mcp list`, it was never enabled — re-run Step 4a. ### Available to install 
@@ -421,6 +432,12 @@ the display name. Tools & MCP** — never enabled. Re-run Step 4a (`cursor agent mcp enable `); if the entry is brand-new, also `Developer: Reload Window` so Cursor picks up the file. +- **Built-in `jfrog` MCP missing** — almost always `JFROG_URL` / + `JFROG_ACCESS_TOKEN` not exported in the launching shell + (agent-guard reads them from the shell for the plugin's bundled + `jfrog` entry — they MUST NEVER be added to any `mcp.json` `env` + block, including the bundled one); agent-guard fails fast at + startup, check the error in the Cursor MCP / Output panel. - **Agent Guard: `multiple/no JFrog server configured`** (the agent guard cannot pick a JFrog server) — pass `--server ` (after `jf c add `) OR export both `JFROG_URL` and
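Review bot: in `plugins/jfrog/mcp.json`, the new `args` array runs `@jfrog/agent-guard` through `npx --yes` with no version, so a launch can resolve to whatever version the registry serves at that moment, in a process that reads `JFROG_ACCESS_TOKEN` from the environment. Pin an exact version in the package spec (`"@jfrog/agent-guard@<version>"`) and bump it together with `version` in `plugin.json`, so that one plugin release maps to one reviewed agent-guard build.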
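Review bot: in `README.md` hunk `@@ -52,12 +53,16 @@`, the upgrade callout addresses users "Upgrading from a pre-v0.5.0 plugin", but this same patch removes `"url": "https://${JFROG_PLATFORM_URL}/mcp"` from `mcp.json` and bumps `plugin.json` from `0.5.4` to `0.5.5`. As far as the diff shows, anyone on 0.5.0 through 0.5.4 still relies on `JFROG_PLATFORM_URL` and would not recognise themselves in that callout. Name the version that actually ships the rename, and consider whether a breaking env-var change belongs in a patch-level bump.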
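Review bot: in `README.md` hunk `@@ -6,6 +6,7 @@`, the breaking-change bullet says a host-only value "will produce a silently-broken endpoint URL", while the variable table in the next hunk says "the MCP will fail to connect" and the troubleshooting entry in `jfrog-mcp-management.md` says "agent-guard fails fast at startup". These describe three different failure modes for the same mistake. Pick the one that matches agent-guard's behaviour and use it in all three places, so a user knows whether to expect a visible error.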
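Review bot: in `plugins/jfrog/README.md` hunk `@@ -8,18 +8,28 @@`, the new "JFrog MCP" section says agent-guard connects to `${JFROG_URL}/mcp` with `Authorization: Bearer ${JFROG_ACCESS_TOKEN}`, and the docs only require that `JFROG_URL` "must include the scheme". Nothing here says an `http://` value is rejected, so the text permits sending the bearer token over cleartext. State that the scheme must be `https://` (or document that agent-guard refuses anything else), and say whether a trailing slash in `JFROG_URL` is normalised before `/mcp` is appended.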
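Review bot: in `jfrog-mcp-management.md` hunk `@@ -305,7 +314,7 @@`, the added trigger phrases "what MCPs can I use" and "which MCP servers can I use" are routed straight to `--list-available`, but they read just as naturally as a question about what is already installed and usable. Moving them to the "ambiguous / both" row would avoid answering with the catalog when the user meant their current configuration.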
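Review bot: in `jfrog-mcp-management.md` hunk `@@ -421,6 +432,12 @@`, the new troubleshooting entry says `JFROG_URL` / `JFROG_ACCESS_TOKEN` "MUST NEVER be added to any `mcp.json` `env` block" without giving the reason, which makes the rule easy to override when the shell export does not seem to work. Add the rationale in one clause (the token would sit in plaintext in a config file) and give the reader a concrete check that the variables are visible to the process that starts Cursor, since the entry otherwise only points at the Output panel after the failure.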