MCP.so
Sign In
M

Mcp Scan

@Chris79OG

About Mcp Scan

MCP server security scanner that detects vulnerability patterns in MCP server configurations and outputs SARIF reports. Scans for prompt injection risks, tool poisoning, excessive permissions, and other security issues in Model Context Protocol servers.

Basic information

Category

Developer Tools

Transports

stdio

Publisher

Chris79OG

Submitted by

Chris79OG

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "mcp-scan": {
      "command": "npx",
      "args": [
        "@syntrophy/mcp-scan"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Mcp Scan?

Mcp Scan is a security scanner for MCP servers. It detects common vulnerability patterns such as prompt injection and tool poisoning, flags excessive permissions, and outputs its findings as SARIF 2.1.0 reports.

How to use Mcp Scan?

Run it directly via npx without installation: npx @syntrophy/mcp-scan. No other configuration or invocation details are provided in the README.

Key features of Mcp Scan

  • Detects prompt injection risks
  • Identifies tool poisoning patterns
  • Flags excessive permissions
  • Outputs standard SARIF 2.1.0 reports
  • Runs without persistent installation via npx

Use cases of Mcp Scan

  • Auditing an MCP server for prompt injection vulnerabilities
  • Scanning for tool poisoning before deploying an MCP server
  • Checking an MCP server’s permission model for over‑broad access
  • Generating SARIF reports for integration with CI/CD pipelines

FAQ from Mcp Scan

What vulnerability types does Mcp Scan detect?

It detects prompt injection risks, tool poisoning patterns, and excessive permissions.

How do I install Mcp Scan?

Installation is not required; run it directly with npx @syntrophy/mcp-scan.

What output format does the scanner produce?

It outputs standard SARIF 2.1.0 reports.

Is Mcp Scan a standalone CLI tool?

Yes, it is executed as a one‑off command via npx; no explicit runtime dependencies are mentioned in the README.

Comments

More Developer Tools MCP servers