MCP server security scanner that detects vulnerability patterns in MCP server configurations and outputs SARIF reports. Scans for prompt injection risks, tool poisoning, excessive permissions, and other security issues in Model Context Protocol servers.
Overview
mcp-scan
Features
- Detects prompt injection risks
- Identifies tool poisoning patterns
- Flags excessive permissions
- Outputs standard SARIF 2.1.0 reports
Install
- npx @syntrophy/mcp-scan
License
- MIT
Server Config
{
  "mcpServers": {
    "mcp-scan": {
      "command": "npx",
      "args": [
        "@syntrophy/mcp-scan"
      ]
    }
  }
}