proofscan
Verified Safe
by proofofprotocol
Overview
Provides complete visibility into Model Context Protocol (MCP) server communication, enabling capture, analysis, visualization, testing, and proxying of JSON-RPC messages.
Installation
npx proofscan proxy start --connectors <comma-separated-connector-ids>
Security Notes
The project makes extensive use of a 'secrets' module for handling sensitive data. On Windows, it uses DPAPI for encryption. On non-Windows platforms (Linux/macOS), however, the default 'PlainProvider' stores secrets as base64-encoded text without encryption, which is a critical security vulnerability for sensitive data. The tool explicitly warns users about this limitation. The DPAPI provider's use of `execSync` to run PowerShell commands is carefully implemented, with input sanitization and `EncodedCommand` to mitigate command injection risks. Network requests for registry access include timeouts and standard headers, and API keys are sent as Bearer tokens. HTML report generation implements XSS prevention, and config updates use atomic file operations with locking.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
mcp-shark
Aggregate multiple Model Context Protocol (MCP) servers into a single unified interface with a powerful monitoring UI.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
magic-api-mcp-server
Provides a Model Context Protocol (MCP) server to enhance Magic-API development workflows, enabling advanced interactions for script writing, API management, debugging, and deployment.