Tooltrust Scanner
@AgentSafe-AI
Scan MCP servers for security risks before your AI agent trusts them. Detects prompt injection, supply chain attacks (including the LiteLLM 1.82.7/1.82.8 backdoor), excessive permissions, arbitrary code execution, typosquatting, and tool shadowing. Add to your .mcp.json and let y
Overview
What is Tooltrust Scanner?
Tooltrust Scanner audits MCP servers for prompt injection, data exfiltration, and privilege escalation before an AI agent trusts them. It is designed for developers who integrate MCP servers with AI agents and need a security preflight check.
How to use Tooltrust Scanner?
Add Tooltrust as an MCP server in your configuration using the command npx -y tooltrust-mcp. Then ask your agent to run the MCP tools tooltrust_scan_config to scan all configured servers or tooltrust_scan_server to scan a specific server. A full catalog of MCP tools is documented in the usage guide.
Key features of Tooltrust Scanner
- Detects prompt injection and tool poisoning in descriptions
- Flags excessive permissions (
exec,network,db,fs) - Identifies supply‑chain CVEs and compromised package versions
- Finds privilege escalation and arbitrary code execution patterns
- Spots typosquatting, tool shadowing, and insecure secret handling
- Reports missing rate‑limit, timeout, or retry configuration on risky tools
Use cases of Tooltrust Scanner
- Scan any MCP server before integrating it with an AI agent
- Check configured servers via a single agent command
- Review detailed security findings through the live UI at tooltrust.dev
- Compare security grades across popular MCP servers
- Block known compromised packages (e.g. the LiteLLM / TeamPCP supply‑chain exploit)
FAQ from Tooltrust Scanner
What types of risks does Tooltrust Scanner catch?
It catches prompt injection, excessive permissions, supply‑chain vulnerabilities, privilege escalation, typosquatting, tool shadowing, insecure secret handling, and missing security configuration on risky tools.
How do I run Tooltrust Scanner?
Add it to your MCP client configuration using npx -y tooltrust-mcp, then ask your agent to call tooltrust_scan_config or tooltrust_scan_server.
What runtime or dependencies are required?
Tooltrust Scanner runs via npx (Node.js), so a Node.js runtime must be available on the machine where the MCP client runs.
Is there a web interface?
Yes. A live UI is available at tooltrust.dev where you can browse the public registry, review findings in the browser, and compare grades across servers.
Does it detect supply‑chain attacks?
Yes. It includes an urgent security update that detects and blocks known compromised MCP‑related package versions, including the LiteLLM / TeamPCP exploit.