SecScanMCP
Verified Safe by zakariaf
Overview
This is an enhanced security scanner test suite designed to detect a wide range of vulnerabilities in MCP (Model Context Protocol) servers, including prompt injection, tool poisoning, hardcoded secrets, and various code injection types.
Installation
make restart
Environment Variables
- CLAMAV_HOST
- CLAMAV_PORT
- TRIVY_CACHE_DIR
- TRIVY_TIMEOUT
- TRIVY_DB_REPOSITORY
- CODEQL_CLI_PATH
- MODEL_PATH
- DB_PATH
- LOG_LEVEL
- CONFIG_PATH
Security Notes
This project is a security scanner, which by its nature interacts with and tests for malicious patterns. The code demonstrates good practices for isolating dangerous operations (e.g., Docker containerization, `asyncio.create_subprocess_exec` instead of `shell=True`, secret masking in findings). However, any security testing tool carries inherent risks if misconfigured or used on unauthorized systems. The documentation explicitly outlines ethical usage and safe testing practices. The internal design follows clean architecture principles, which generally improves code quality and reduces security vulnerabilities within the scanner itself.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.