Heimdall — Mcp Security Scanner
@caglarbozkurt
Heimdall — Mcp Security Scanner について
Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"heimdall": {
"command": "npx",
"args": [
"-y",
"--package",
"mcp-heimdall-scan",
"heimdall-mcp"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Heimdall — Mcp Security Scanner?
Heimdall is a local, pre-flight security scanner for Model Context Protocol (MCP) servers. It vets a single server or an entire agent configuration before an agent trusts it, without running the server by default, and requires no account or backend.
How to use Heimdall — Mcp Security Scanner?
Use the CLI via npx mcp-heimdall-scan <target> or install globally. Targets include npm/PyPI packages, local directories, git repositories, a tools/list dump, or an MCP client config file (e.g., claude_desktop_config.json). Options like --policy, --online, --json, and --sarif customize the scan. It also ships as a GitHub Action and as an MCP server itself.
Key features of Heimdall — Mcp Security Scanner
- Static analysis without executing server code.
- Detects injection, capability, exfiltration, provenance, and CVEs.
- Proven data-flow paths for JS/TS (file:line evidence).
- Audits whole agent configs for cross-server exfiltration chains.
- Policy-based verdicts (default, strict, custom waivers with expiry).
- Runs entirely locally, no account or backend needed.
Use cases of Heimdall — Mcp Security Scanner
- Vet a server package before installing it in your agent.
- Audit your entire MCP client config (e.g.,
claude_desktop_config.json) for cross-server risks. - Gate pull requests in CI using the GitHub Action to fail on risky servers.
- Use the MCP server mode to let your agent scan a server before connecting to it.
- Run behavioral validation (
heimdall validate) in a disposable VM to check static findings against runtime behavior.
FAQ from Heimdall — Mcp
「開発者ツール」の他のコンテンツ
nuxt-mcp / vite-plugin-mcp
antfuMCP server helping models to understand your Vite/Nuxt app better.
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
test
prysmaticlabsGo implementation of Ethereum proof of stake
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
コメント