attestral

attestral-labs/attestral
★ 2 stars Python AI/LLM Updated today
Open-source security scanner for MCP servers and AI agents: finds prompt injection, tool poisoning, and excessive agency, and models the cloud your agents can reach. pip install attestral.
View on GitHub → 🔍 Audit Wallet Slippage →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "attestral": {
      "command": "uvx",
      "args": [
        "attestral"
      ]
    }
  }
}

Or install with pip: pip install attestral

README Excerpt

**The security scanner for AI agents and MCP servers.** <p align="center"> <img src="examples/vulnerable-agent/demo.gif" alt="attestral scan flagging an insecure MCP agent config in seconds" width="820"> </p> <!-- RESEARCH POST: "We scanned N popular MCP servers" - link TBD --> Your agent has a shell, a browser, your database, and a Slack token. Each tool is fine on its own. Together they are one injected sentence away from walking your secrets out the door. Attestral is the scanner that reads t

Topics

agentic-aiagentic-securityai-agentsai-securitydesign-reviewdevsecopsllm-securitymcpmcp-securitymodel-context-protocolprompt-injectionsecurityterraformthreat-modeling