Heimdall — Mcp Security Scanner
@caglarbozkurt
Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou
Overview
What is Heimdall — Mcp Security Scanner?
Heimdall is a local, pre-flight security scanner for Model Context Protocol (MCP) servers. It vets a single server or an entire agent configuration before an agent trusts it, without running the server by default, and requires no account or backend.
How to use Heimdall — Mcp Security Scanner?
Use the CLI via npx mcp-heimdall-scan <target> or install globally. Targets include npm/PyPI packages, local directories, git repositories, a tools/list dump, or an MCP client config file (e.g., claude_desktop_config.json). Options like --policy, --online, --json, and --sarif customize the scan. It also ships as a GitHub Action and as an MCP server itself.
Key features of Heimdall — Mcp Security Scanner
- Static analysis without executing server code.
- Detects injection, capability, exfiltration, provenance, and CVEs.
- Proven data-flow paths for JS/TS (file:line evidence).
- Audits whole agent configs for cross-server exfiltration chains.
- Policy-based verdicts (default, strict, custom waivers with expiry).
- Runs entirely locally, no account or backend needed.
Use cases of Heimdall — Mcp Security Scanner
- Vet a server package before installing it in your agent.
- Audit your entire MCP client config (e.g.,
claude_desktop_config.json) for cross-server risks. - Gate pull requests in CI using the GitHub Action to fail on risky servers.
- Use the MCP server mode to let your agent scan a server before connecting to it.
- Run behavioral validation (
heimdall validate) in a disposable VM to check static findings against runtime behavior.