MCP.so
登录
M

Mcp Scan

@Chris79OG

关于 Mcp Scan

MCP server security scanner that detects vulnerability patterns in MCP server configurations and outputs SARIF reports. Scans for prompt injection risks, tool poisoning, excessive permissions, and other security issues in Model Context Protocol servers.

基本信息

分类

开发工具

传输方式

stdio

发布者

Chris79OG

提交者

Chris79OG

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcp-scan": {
      "command": "npx",
      "args": [
        "@syntrophy/mcp-scan"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Mcp Scan?

Mcp Scan is a security scanner for MCP servers. It detects common vulnerability patterns such as prompt injection and tool poisoning, flags excessive permissions, and outputs its findings as SARIF 2.1.0 reports.

How to use Mcp Scan?

Run it directly via npx without installation: npx @syntrophy/mcp-scan. No other configuration or invocation details are provided in the README.

Key features of Mcp Scan

  • Detects prompt injection risks
  • Identifies tool poisoning patterns
  • Flags excessive permissions
  • Outputs standard SARIF 2.1.0 reports
  • Runs without persistent installation via npx

Use cases of Mcp Scan

  • Auditing an MCP server for prompt injection vulnerabilities
  • Scanning for tool poisoning before deploying an MCP server
  • Checking an MCP server’s permission model for over‑broad access
  • Generating SARIF reports for integration with CI/CD pipelines

FAQ from Mcp Scan

What vulnerability types does Mcp Scan detect?

It detects prompt injection risks, tool poisoning patterns, and excessive permissions.

How do I install Mcp Scan?

Installation is not required; run it directly with npx @syntrophy/mcp-scan.

What output format does the scanner produce?

It outputs standard SARIF 2.1.0 reports.

Is Mcp Scan a standalone CLI tool?

Yes, it is executed as a one‑off command via npx; no explicit runtime dependencies are mentioned in the README.

评论

开发工具 分类下的更多 MCP 服务器