Compuute MCP Security Scanner
@Compuute
Scan-as-a-Service for MCP servers — HTTP+MCP wrapper around compuute-scan
Overview
What is Compuute MCP Security Scanner?
A Scan-as-a-Service for MCP servers, wrapping the compuute-scan static security scanner in an HTTP API and MCP tool interface. It accepts a public GitHub repo URL and returns a structured security report scored against 37 MCP-specific rules across 8 languages (TypeScript/JavaScript, Python, Go, Rust, C#, Java, Kotlin). Designed for agent-driven consumption.
How to use Compuute MCP Security Scanner?
Send a POST request to /v1/scan with a repo_url JSON body (free, rate-limited) or use the /v1/scan/pay endpoint with an X-Payment header for micropayments. For Claude Code, run claude mcp add compuute-scan --transport http --url https://scan.compuute.se/mcp/ and then invoke the scan_mcp_server tool. The open source CLI can be run locally with npx compuute-scan ./repo.
Key features of Compuute MCP Security Scanner
- 37 MCP-specific static analysis rules.
- Idempotent retries with 24‑hour cache.
- x402 micropayment option for autonomous agents.
- OWASP security headers and strict input validation.
- OpenAPI spec and MCP tool for agent discovery.
- Honest framing: every response includes a false-positive disclaimer.
Use cases of Compuute MCP Security Scanner
- Evaluate third-party MCP servers before integration.
- Triage security findings in agent supply chain pipelines.
- Enterprise security audit for MCP servers in production.
- AI procurement risk audit for CFOs, CTOs, and CISOs.
FAQ from Compuute MCP Security Scanner
What is the false positive rate of the scanner?
The scanner is a pattern-breadth detector with a historic raw false-positive rate of ~90% (138 raw findings → 13 confirmed). Every response includes a _disclaimer field; use findings as a triage queue, not as confirmed vulnerabilities.
How do I install and use the scanner in Claude Code?
Run claude mcp add compuute-scan --transport http --url https://scan.compuute.se/mcp/ and then use the scan_mcp_server tool with a GitHub URL. The tool returns the same structured report as the HTTP API.
What are the pricing tiers for Compuute MCP Security Scanner?
The open source CLI and hosted free API (rate-limited) are $0. The hosted API supports x402 micropayments at $0.10 USDC per scan on Base L2. Enterprise MCP Security Audits start at $5K and AI Procurement Risk Audits at $5K–$15K.
What languages and rules does the scanner cover?
It covers 37 MCP-specific rules across 8 languages: TypeScript/JavaScript, Python, Go, Rust, C#, Java, and Kotlin.
Is authentication required to use the scanning API?
No authentication is required for the free tier (POST /v1/scan). The paid tier (POST /v1/scan/pay) requires an X-Payment header for x402 micropayment authorization.