proofscan
Verified Safe
by proofofprotocol
Overview
proofscan is an MCP (Model Context Protocol) server scanner that provides full visibility into JSON-RPC communication by capturing, saving, visualizing, and testing interactions, and offering a proxy for multiple MCP servers.
Installation
pfscan proxy start --connectors time,weather
Environment Variables
- PFSCAN_CONFIG
- PFSCAN_LANG
- LC_ALL
- LANG
Security Notes
The tool handles sensitive data (API keys, etc.) through a dedicated `secrets` module. On Windows, it uses DPAPI for encryption. On non-Windows platforms (Linux, macOS), however, secrets are explicitly stated to be stored using a 'plain' provider, which only base64-encodes them and does *not* encrypt them. This is a critical security vulnerability for users on those operating systems who expect secure storage. Although the tool warns the user about this, it significantly weakens the security posture of a tool that purports to manage 'secure storage'. The `execSync` calls for DPAPI appear to use input sanitization and `-EncodedCommand` to mitigate command injection risks. Export/import functionality uses robust cryptographic methods such as scrypt and AES-256-GCM, with timing-safe HMAC verification.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
magic-api-mcp-server
Provides a Model Context Protocol (MCP) server to enhance Magic-API development workflows, enabling advanced interactions for script writing, API management, debugging, and deployment.