MCP-Security-Framework
Verified Safe by JoKFA
Overview
A comprehensive security testing framework for Model Context Protocol (MCP) servers, designed to detect vulnerabilities through automated sandboxing and active probing.
Installation
python mcpsf.py assess <source>
Environment Variables
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- BRAVE_API_KEY
- GITHUB_TOKEN
- STRIPE_API_KEY
- AWS_ACCESS_KEY_ID
- GOOGLE_API_KEY
- DATABASE_URL
- MONGODB_URL
- REDIS_URL
Security Notes
The framework employs strong sandboxing via Docker containers to isolate target MCP servers and their dependencies. All interactions with targets are mediated by a SafeAdapter, which enforces scope, rate limits, and evidence redaction. Executing untrusted code (dependency installation, server startup) is inherent to its testing function, but this occurs within an isolated Docker environment. The crash analysis loop, which may install system dependencies (e.g., via `apt-get install`), broadens the in-container attack surface but remains confined to the sandbox. No hardcoded secrets for framework operation and no obfuscated code were detected in the provided source code. The design prioritizes non-destructive assessment of external targets.
Similar Servers
mcp-interviewer
A Python CLI tool designed to evaluate, test, and generate reports on Model Context Protocol (MCP) servers to ensure compatibility and quality for LLM agent use cases.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects various vulnerabilities in MCP implementations.
toolhive-studio
ToolHive is a desktop application that simplifies the discovery, deployment, and management of Model Context Protocol (MCP) servers in secure containers, and connects them to AI agents and clients.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.