mcp-watch
Verified Safe by kapilduraphe
Overview
A comprehensive security scanner for Model Context Protocol (MCP) servers that detects various vulnerabilities in MCP implementations.
Installation
npx mcp-watch scan https://github.com/user/mcp-server
Environment Variables
- NODE_ENV
Security Notes
The scanner uses 'spawnSync' to execute 'git clone' when analyzing a remote repository. The arguments are passed as an array rather than through a shell, which prevents shell injection, but running git against a potentially untrusted repository, even when it is cloned into a temporary directory, still carries a small inherent risk. The tool sanitizes any credentials it detects before printing its output, so that the scanner does not leak the very secrets it finds, which is a strong security practice for a security scanner.
Similar Servers
mcp-scanner
A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings by combining Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge to detect malicious MCP tools.
codebadger-toolkit
Containerized Model Context Protocol (MCP) server for static code analysis using Joern's Code Property Graph (CPG) technology, supporting various programming languages for code exploration, security auditing, and dataflow analysis.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
MCP-Security-Framework
A comprehensive security testing framework for Model Context Protocol (MCP) servers, designed to detect vulnerabilities through automated sandboxing and active probing.