mcpscan

ugurcl/mcpscan
★ 0 stars TypeScript AI/LLM Updated 8d ago
Security scanner for MCP servers: detects tool poisoning, hidden instructions, prompt injection and over-broad capabilities in tools, resources and prompts.
View on GitHub → 🔍 Audit Wallet Slippage →

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcpscan": {
      "command": "npx",
      "args": [
        "-y",
        "ugurcl/mcpscan"
      ]
    }
  }
}

README Excerpt

<h1 align="center">mcpscan</h1> <p align="center"> A security scanner for <a href="https://modelcontextprotocol.io">MCP</a> servers.<br> It reads a server's tools, resources and prompts the way an attacker would, and tells you what a hijacked agent could be told to do. </p> <p align="center"> <a href="https://github.com/ugurcl/mcpscan/actions/workflows/ci.yml"><img src="https://github.com/ugurcl/mcpscan/actions/workflows/ci.yml/badge.svg" alt="CI"></a>

Topics

ai-agentsai-securityappsecclillm-securitymcpmodel-context-protocolprompt-injectionsecurity-scanner