★ 21 stars
TypeScript
🔒 Security
Updated 20d ago
Offensive MCP server auditor — detects tool poisoning, credential leaks, RCE vectors, SSRF, session hijacking, and supply chain vulnerabilities across stdio, HTTP, and SSE transports.
Quick Install
Copy the config for your editor. Some servers may need additional setup — check the README.
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "mcpscan": {
      "command": "npx",
      "args": [
        "-y",
        "sahiloj/MCPScan"
      ]
    }
  }
}
Run in terminal:
claude mcp add mcpscan npx -y sahiloj/MCPScan
Add to .cursor/mcp.json:
{
  "mcpServers": {
    "mcpscan": {
      "command": "npx",
      "args": [
        "-y",
        "sahiloj/MCPScan"
      ]
    }
  }
}
Topics
ai-security, llm-security, mcp, mcp-security, mcpscan, model-context-protocol, offensive-security, open-source, security, supply-chain, tool-poisoning, vulnerability-scanner