Home / Security / mcp-witness

mcp-witness

desledishant10/mcp-witness
★ 0 stars Python Security Updated 2d ago
Security scanner for MCP servers. Found and disclosed 6 vulnerabilities; 1 fix verified upstream (PR #4226).
View on GitHub → Try with Claude — $10 free →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-witness": {
      "command": "uvx",
      "args": [
        "mcp-witness"
      ]
    }
  }
}

Or install with pip: pip install mcp-witness

README Excerpt

> Security scanner for Model Context Protocol servers and AI agents. **Demonstrated on EC2 with live AWS IAM credentials retrieved.** Static rule MCP-S-009 flagged the missing scheme/host validation on `mcp-server-fetch`'s `fetch` tool; the dynamic harness (MCP-D-003) drove the live probe against an EC2 `t3.micro` with IMDSv2 set to Optional and got back a real `AccessKeyId` / `SecretAccessKey` / `Token` triplet for the attached IAM role. Coordinated disclosure filed as [modelcontextprotocol/ser

Topics

agentic-aiai-agentsdns-rebindingllm-securitymcpmodel-context-protocolscannersecurityssrfstatic-analysissupply-chain-securityvulnerability-disclosure

Related Security Servers

casdoor ★ 13.4K
An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI...
Security Go
lamda ★ 7.7K
The most powerful Android RPA agent framework, next generation of mobile automation robots.
Security Python
ENScan_GO ★ 4.2K
一款基于各大企业信息API的工具,解决在遇到的各种针对国内企业信息收集难题。一键收集控股公司ICP备案、APP、小程序、微信公众号等信息聚合导出。支持MCP接入
Security Go
vitemcp ★ 3.1K
A TypeScript framework for building MCP servers.
Security TypeScript