MCP_Scanner
Verified Safeby beejak
Overview
Comprehensive security scanning for Model Context Protocol (MCP) servers, including static analysis, AI-powered vulnerability detection, supply chain security, and threat intelligence integration for CI/CD, automated reporting, and developer feedback.
Installation
mcp-sentinel scan ./my-mcp-server-projectEnvironment Variables
- VULNERABLE_MCP_API_KEY
- NVD_API_KEY
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- GOOGLE_API_KEY
- MISTRAL_API_KEY
- COHERE_API_KEY
- HUGGINGFACE_API_KEY
- AZURE_OPENAI_KEY
- AZURE_OPENAI_ENDPOINT
- MCP_SENTINEL_API_KEY
- NO_COLOR
- MCP_SENTINEL_NO_PROGRESS
- CI
- RUST_LOG
Security Notes
The project is a security scanner designed to detect vulnerabilities, not introduce them. It explicitly identifies and flags dangerous code patterns (e.g., `eval`, `os.system`) within the *target code*, not in its own implementation. API keys are managed via environment variables. Privacy concerns regarding sending code to cloud LLMs are acknowledged and local LLM options (Ollama) are prioritized by default. Logging is structured to avoid exposing secrets. The architecture demonstrates robust security practices for a security tool.
Similar Servers
mcp-scanner
A Python tool for scanning Model Context Protocol (MCP) servers and tools to detect potential security findings by leveraging Cisco AI Defense API, YARA rules, and LLM-as-a-judge.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in MCP implementations.
mcp-zap-server
Exposes OWASP ZAP actions as Model Context Protocol (MCP) tools, enabling AI agents (e.g., Claude Desktop, Cursor) to orchestrate security scanning operations, import OpenAPI specs, and generate reports.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.