awesome-secure-mcp-servers
Verified Safeby fuzzylabs
Overview
A comprehensive security validation framework for Model Context Protocol (MCP) servers, including static code analysis, dependency scanning, and MCP-specific threat detection.
Installation
npm run security-scanEnvironment Variables
- GITHUB_TOKEN
Security Notes
This project is a security validation framework, not an MCP server itself. Its code demonstrates strong security practices for a scanner: leveraging temporary directories for cloning, retrieving sensitive tokens from environment variables, and utilizing established security tools like Bandit, ESLint, Semgrep, npm audit, safety, and mcp-scan. The project explicitly states it performs no live testing or runtime analysis of scanned code, significantly mitigating the risk of executing untrusted code. Some scan results in `data/servers.json` show errors with `mcp-scan` invocation, which indicates operational fragility, but not a fundamental security design flaw in the scanner itself. Overall, it is robustly designed for its stated purpose.
Similar Servers
awesome-mcp-servers
This repository serves as a curated list of Model Context Protocol (MCP) servers, frameworks, and utilities, providing a comprehensive directory for developers and AI practitioners.
awesome-remote-mcp-servers
A curated directory for developers to discover, evaluate, and integrate high-quality, official remote Model Context Protocol (MCP) servers into their AI applications and LLM clients.
awesome-mcp-security
This repository serves as a curated list of resources, including papers, videos, articles, tools, and servers, focusing on Model Context Protocol (MCP) security.
awesome-mcp-servers
A comprehensive collection of Model Context Protocol (MCP) servers, standardizing AI application context provision.