MCP.so
ログイン

Heimdall — Mcp Security Scanner

@caglarbozkurt

Heimdall — Mcp Security Scanner について

Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou

基本情報

カテゴリ

開発者ツール

ライセンス

MIT

ランタイム

node

トランスポート

stdio

公開者

caglarbozkurt

投稿者

Çağlar Bozkurt

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "heimdall": {
      "command": "npx",
      "args": [
        "-y",
        "--package",
        "mcp-heimdall-scan",
        "heimdall-mcp"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Heimdall — Mcp Security Scanner?

Heimdall is a local, pre-flight security scanner for Model Context Protocol (MCP) servers. It vets a single server or an entire agent configuration before an agent trusts it, without running the server by default, and requires no account or backend.

How to use Heimdall — Mcp Security Scanner?

Use the CLI via npx mcp-heimdall-scan <target> or install globally. Targets include npm/PyPI packages, local directories, git repositories, a tools/list dump, or an MCP client config file (e.g., claude_desktop_config.json). Options like --policy, --online, --json, and --sarif customize the scan. It also ships as a GitHub Action and as an MCP server itself.

Key features of Heimdall — Mcp Security Scanner

  • Static analysis without executing server code.
  • Detects injection, capability, exfiltration, provenance, and CVEs.
  • Proven data-flow paths for JS/TS (file:line evidence).
  • Audits whole agent configs for cross-server exfiltration chains.
  • Policy-based verdicts (default, strict, custom waivers with expiry).
  • Runs entirely locally, no account or backend needed.

Use cases of Heimdall — Mcp Security Scanner

  • Vet a server package before installing it in your agent.
  • Audit your entire MCP client config (e.g., claude_desktop_config.json) for cross-server risks.
  • Gate pull requests in CI using the GitHub Action to fail on risky servers.
  • Use the MCP server mode to let your agent scan a server before connecting to it.
  • Run behavioral validation (heimdall validate) in a disposable VM to check static findings against runtime behavior.

FAQ from Heimdall — Mcp

コメント

「開発者ツール」の他のコンテンツ