mcp-scanner
Verified Safe by cisco-ai-defense
Overview
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities using static analysis, YARA rules, the Cisco AI Defense API, and LLM-based behavioral analysis.
Installation
mcp-scanner-api --host 0.0.0.0 --port 8080
Environment Variables
- MCP_SCANNER_API_KEY
- MCP_SCANNER_ENDPOINT
- MCP_SCANNER_LLM_API_KEY
- MCP_SCANNER_LLM_MODEL
- MCP_SCANNER_LLM_BASE_URL
- MCP_SCANNER_LLM_API_VERSION
- MCP_SCANNER_LLM_TIMEOUT
- AWS_PROFILE
- AWS_REGION
- AWS_SESSION_TOKEN
Security Notes
`mcp-scanner` is designed to detect security vulnerabilities in *other* MCP servers and tools. It employs robust static analysis techniques, integrates with the Cisco AI Defense API, and uses LLM-as-a-judge for behavioral analysis. The tool itself follows good security practices: it reads API keys from environment variables and uses randomized delimiters to prevent prompt injection in its LLM interactions. File and function size limits are applied when scanning source code to prevent resource exhaustion during analysis.
Similar Servers
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.