Heimdall — Mcp Security Scanner
@caglarbozkurt
关于 Heimdall — Mcp Security Scanner
Security scanner for MCP servers — vet an MCP before you wire it into an agent. Detects prompt-injection, credential exfiltration (via taint analysis), RCE, and supply-chain risks, and catches cross-server exfil chains no single server reveals. Zero-dependency local CLI, SARIF ou
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"heimdall": {
"command": "npx",
"args": [
"-y",
"--package",
"mcp-heimdall-scan",
"heimdall-mcp"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Heimdall — Mcp Security Scanner?
Heimdall is a local, pre-flight security scanner for Model Context Protocol (MCP) servers. It vets a single server or an entire agent configuration before an agent trusts it, without running the server by default, and requires no account or backend.
How to use Heimdall — Mcp Security Scanner?
Use the CLI via npx mcp-heimdall-scan <target> or install globally. Targets include npm/PyPI packages, local directories, git repositories, a tools/list dump, or an MCP client config file (e.g., claude_desktop_config.json). Options like --policy, --online, --json, and --sarif customize the scan. It also ships as a GitHub Action and as an MCP server itself.
Key features of Heimdall — Mcp Security Scanner
- Static analysis without executing server code.
- Detects injection, capability, exfiltration, provenance, and CVEs.
- Proven data-flow paths for JS/TS (file:line evidence).
- Audits whole agent configs for cross-server exfiltration chains.
- Policy-based verdicts (default, strict, custom waivers with expiry).
- Runs entirely locally, no account or backend needed.
Use cases of Heimdall — Mcp Security Scanner
- Vet a server package before installing it in your agent.
- Audit your entire MCP client config (e.g.,
claude_desktop_config.json) for cross-server risks. - Gate pull requests in CI using the GitHub Action to fail on risky servers.
- Use the MCP server mode to let your agent scan a server before connecting to it.
- Run behavioral validation (
heimdall validate) in a disposable VM to check static findings against runtime behavior.
FAQ from Heimdall — Mcp
开发工具 分类下的更多 MCP 服务器
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
test
prysmaticlabsGo implementation of Ethereum proof of stake
Grafana MCP server
grafanaMCP server for Grafana
sentry-mcp
getsentryAn MCP server for interacting with Sentry via LLMs.
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
评论