MCP_Scanner
Verified Safeby beejak
Overview
Comprehensive security scanning for Model Context Protocol (MCP) servers, including static analysis, runtime monitoring, and AI-powered detection of vulnerabilities.
Installation
mcp-sentinel scan TARGET_PATHEnvironment Variables
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- GOOGLE_API_KEY
- VULNERABLE_MCP_API_KEY
- NVD_API_KEY
- AZURE_OPENAI_KEY
- AZURE_OPENAI_ENDPOINT
- MCP_SENTINEL_API_KEY
- NO_COLOR
- MCP_SENTINEL_NO_PROGRESS
- CI
- RUST_LOG
Security Notes
The server's core (Rust) is robust, with explicit error handling, verified zero `unwrap()` calls, and extensive logging. It actively detects dangerous patterns (e.g., `eval`, `os.system`, malicious scripts) in *scanned code* rather than using them internally. External API integrations (LLMs, NVD, VulnerableMCP) use `reqwest` with timeouts and error handling, and API keys are managed via environment variables. The system itself appears well-hardened against common security pitfalls in its own implementation.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.