MCP.so
登录

Heimdall — Mcp Security Scanner

@caglarbozkurt

关于 Heimdall — Mcp Security Scanner

Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou

基本信息

分类

开发工具

许可证

MIT

运行时

node

传输方式

stdio

发布者

caglarbozkurt

提交者

Çağlar Bozkurt

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "heimdall": {
      "command": "npx",
      "args": [
        "-y",
        "--package",
        "mcp-heimdall-scan",
        "heimdall-mcp"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Heimdall — Mcp Security Scanner?

Heimdall is a local, pre-flight security scanner for Model Context Protocol (MCP) servers. It vets a single server or an entire agent configuration before an agent trusts it, without running the server by default, and requires no account or backend.

How to use Heimdall — Mcp Security Scanner?

Use the CLI via npx mcp-heimdall-scan <target> or install globally. Targets include npm/PyPI packages, local directories, git repositories, a tools/list dump, or an MCP client config file (e.g., claude_desktop_config.json). Options like --policy, --online, --json, and --sarif customize the scan. It also ships as a GitHub Action and as an MCP server itself.

Key features of Heimdall — Mcp Security Scanner

  • Static analysis without executing server code.
  • Detects injection, capability, exfiltration, provenance, and CVEs.
  • Proven data-flow paths for JS/TS (file:line evidence).
  • Audits whole agent configs for cross-server exfiltration chains.
  • Policy-based verdicts (default, strict, custom waivers with expiry).
  • Runs entirely locally, no account or backend needed.

Use cases of Heimdall — Mcp Security Scanner

  • Vet a server package before installing it in your agent.
  • Audit your entire MCP client config (e.g., claude_desktop_config.json) for cross-server risks.
  • Gate pull requests in CI using the GitHub Action to fail on risky servers.
  • Use the MCP server mode to let your agent scan a server before connecting to it.
  • Run behavioral validation (heimdall validate) in a disposable VM to check static findings against runtime behavior.

FAQ from Heimdall — Mcp

评论

开发工具 分类下的更多 MCP 服务器