mcpscanner
Verified Safe
by pangeacyber
Overview
Analyzes MCP servers by discovering configuration files, fetching available tools and resources, scanning them for security risks using Pangea AI Guard, and reporting findings including tool similarities and changes.
Installation
mcpscanner scan
Environment Variables
- PANGEA_AI_GUARD_TOKEN
Security Notes
The server appears to be designed with security in mind. It uses environment variables for sensitive API tokens (PANGEA_AI_GUARD_TOKEN) and explicitly integrates with a security service (Pangea AI Guard) to scan discovered tools. There are no obvious signs of 'eval', obfuscation, or hardcoded secrets. Network interactions are for legitimate scanning purposes. The primary security risks would stem from the inherent trust placed in the external MCP servers being scanned and the Pangea API.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
Reversecore_MCP
Provides a Micro-Agent Control Protocol (MCP) server that wraps various reverse engineering CLI tools and libraries, enabling AI agents to perform binary analysis, malware analysis, and vulnerability research through natural language commands.