Mcp Scan
@Chris79OG
About Mcp Scan
MCP server security scanner that detects vulnerability patterns in MCP server configurations and outputs SARIF reports. Scans for prompt injection risks, tool poisoning, excessive permissions, and other security issues in Model Context Protocol servers.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mcp-scan": {
"command": "npx",
"args": [
"@syntrophy/mcp-scan"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Mcp Scan?
Mcp Scan is a security scanner for MCP servers. It detects common vulnerability patterns such as prompt injection and tool poisoning, flags excessive permissions, and outputs its findings as SARIF 2.1.0 reports.
How to use Mcp Scan?
Run it directly via npx without installation: npx @syntrophy/mcp-scan. No other configuration or invocation details are provided in the README.
Key features of Mcp Scan
- Detects prompt injection risks
- Identifies tool poisoning patterns
- Flags excessive permissions
- Outputs standard SARIF 2.1.0 reports
- Runs without persistent installation via npx
Use cases of Mcp Scan
- Auditing an MCP server for prompt injection vulnerabilities
- Scanning for tool poisoning before deploying an MCP server
- Checking an MCP server’s permission model for over‑broad access
- Generating SARIF reports for integration with CI/CD pipelines
FAQ from Mcp Scan
What vulnerability types does Mcp Scan detect?
It detects prompt injection risks, tool poisoning patterns, and excessive permissions.
How do I install Mcp Scan?
Installation is not required; run it directly with npx @syntrophy/mcp-scan.
What output format does the scanner produce?
It outputs standard SARIF 2.1.0 reports.
Is Mcp Scan a standalone CLI tool?
Yes, it is executed as a one‑off command via npx; no explicit runtime dependencies are mentioned in the README.
More Developer Tools MCP servers
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
Serena
oraiosA powerful MCP toolkit for coding, providing semantic retrieval and editing capabilities - the IDE for your agent
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
FastAPI-MCP
tadata-orgExpose your FastAPI endpoints as Model Context Protocol (MCP) tools, with Auth!
Comments