mcp-security-scan

agentgraph-co/mcp-security-scan
★ 0 stars Python Security Updated 5d ago
Security scanner for MCP servers — finds hardcoded secrets, unsafe exec, missing auth. GitHub Action + CLI.
View on GitHub → 🔍 Audit Wallet Slippage →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-security-scan": {
      "command": "uvx",
      "args": [
        "mcp-security-scan"
      ]
    }
  }
}

Or install with pip: pip install mcp-security-scan

README Excerpt

Security scanner for [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) servers. Finds hardcoded secrets, unsafe execution patterns, data exfiltration risks, filesystem access issues, code obfuscation, and missing authentication. Available as a **GitHub Action** and a **CLI tool**. --- We statically scanned **7,029 public MCP servers** (part of a 35,689-endpoint agent-ecosystem corpus):

Tools (18)

criticaldynamic_remote_loadexfiltrationformatfs_accessgithubhidden_unicodeinsecure_deserializationinstall_hookobfuscationprompt_injectionreporeportsecrettexttokentoxic_flowunsafe_exec