MCP Servers

A comprehensive directory of Model Context Protocol servers, frameworks, SDKs and templates.

Security scanner for MCP servers

Created on 3/23/2026
Updated about 3 hours ago

Security scanner for your MCP server configs.

Find leaked secrets, typosquatting, and misconfigurations before they bite you.



Installation

# For global installation
npm install -g mcp-scan

# Or run directly
npx mcp-scan

Demo

Here's what a scan looks like when it finds some common issues:

$ mcp-scan

╔════════════════════════════════════════════╗
║              mcp-scan results              ║
╚════════════════════════════════════════════╝

Cursor - shady-analytics
Config: /Users/rodolf/.cursor/mcp.json
┌──────────┬───────────────────────┬──────────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────┐
│ Severity │ ID                    │ Description                                                      │ Recommendation                                           │
├──────────┼───────────────────────┼──────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ HIGH     │ typosquat-detection   │ Package 'mcp-analytics-proo' looks suspiciously like official... │ Verify you meant to install this package and not '@mo... │
└──────────┴───────────────────────┴──────────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────┘

VS Code - github-leaky
Config: /Users/rodolf/.vscode/mcp.json
┌──────────┬───────────────────┬──────────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────┐
│ Severity │ ID                │ Description                                                      │ Recommendation                                           │
├──────────┼───────────────────┼──────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────┤
│ CRITICAL │ exposed-secret    │ Exposed GitHub Token in environment variable 'GITHUB_TOKEN'.     │ Move the secret to a secure environment variable and r... │
└──────────┴───────────────────┴──────────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────┘

──────────────────────────────────────────────────
✖ CRITICAL: 2 servers scanned in 12ms. Critical: 1, High: 1, Medium: 0.

What it checks

| Check | What it catches | Example |
| --- | --- | --- |
| Secret detection | API keys, tokens in env vars and args | GITHUB_TOKEN=ghp_... |
| Typosquat detection | Misspelled package names | @modelcontextprotocol vs @modeicontextprotocol |
| Permission scanning | Overly broad filesystem access | / instead of ~/projects |
| Config validation | Missing env vars, malformed JSON, injection in args | args: ["${rm -rf /}"] |
| Transport security | HTTP instead of HTTPS for SSE servers | url: "http://example.com" |
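To make the table concrete, here is an added example (not mcp-scan's own implementation) that applies the same five checks to an mcp.json-style object; the rule ids, the two-edit typosquat threshold and the sample config are this example's assumptions.

```javascript
// Added example (not mcp-scan's own code): applies the five checks from the table
// to an mcp.json-style object. Rule ids, thresholds and the sample config are assumed.
const OFFICIAL_SCOPE = "@modelcontextprotocol";
// Levenshtein distance: a package scope within two edits of the official one is suspect.
function levenshtein(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1,
        d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return d[a.length][b.length];
}
function scanServer(name, srv) {
  const f = [];
  const add = (severity, id, detail) => f.push({ severity, id, server: name, detail });
  // Secret detection: token-shaped values (here only the GitHub PAT prefix) in env or args.
  const tokenRe = /\bghp_[A-Za-z0-9]{20,}\b/;
  for (const [k, v] of Object.entries(srv.env || {}))
    if (tokenRe.test(String(v))) add("CRITICAL", "exposed-secret", `env ${k}`);
  for (const a of srv.args || []) {
    if (tokenRe.test(a)) add("CRITICAL", "exposed-secret", `arg ${a}`);
    // Typosquat detection: scoped package whose scope is a near-miss of the official one.
    const m = /^(@[^/]+)\//.exec(a);
    if (m && m[1] !== OFFICIAL_SCOPE && levenshtein(m[1], OFFICIAL_SCOPE) <= 2)
      add("HIGH", "typosquat-detection", a);
    // Config validation: $(...), backticks, or a shell command inside ${...};
    // "${input:x}"-style references contain no whitespace and are left alone.
    if (/\$\(|`|\$\{[^}]*[\s;|&][^}]*\}/.test(a)) add("HIGH", "arg-injection", a);
    // Permission scanning: filesystem root handed to a server as a path argument.
    if (a === "/") add("MEDIUM", "broad-filesystem-access", a);
  }
  // Transport security: plaintext HTTP for a remote (SSE) server.
  if (typeof srv.url === "string" && /^http:\/\//i.test(srv.url))
    add("MEDIUM", "insecure-transport", srv.url);
  return f;
}
function scanConfig(config) {
  return Object.entries(config.mcpServers || {}).flatMap(([n, s]) => scanServer(n, s));
}
// Constructed sample config; the token value is a fake placeholder, not a real credential.
const SAMPLE_CONFIG = { mcpServers: {
  "github-leaky": { command: "npx", args: ["-y", "@modelcontextprotocol/server-github"],
    env: { GITHUB_TOKEN: "ghp_" + "x".repeat(36) } },
  "shady-analytics": { command: "npx", args: ["-y", "@modeicontextprotocol/server-analytics"] },
  "files": { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/"] },
  "weird": { command: "sh", args: ["${rm -rf /}"] },
  "remote": { url: "http://example.com/sse" },
} };
console.table(scanConfig(SAMPLE_CONFIG));
```

Run with node; the sample yields one finding per server, and a config using the official scope, a "${input:...}" reference and an https URL yields none.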

Supported tools

  • Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Cursor: ~/.cursor/mcp.json
  • VS Code Copilot: ~/.vscode/mcp.json
  • Claude Code: ~/.claude.json
  • Windsurf: ~/.codeium/windsurf/mcp_config.json

CI/CD usage

You can use mcp-scan in your GitHub Actions workflow to automatically scan for vulnerabilities on every push and pull request.

name: MCP Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx mcp-scan ci

JSON output

For programmatic use, you can get the scan results in JSON format using the --json flag.

mcp-scan --json

Contributing

Contributions are welcome! Please feel free to submit a pull request or open an issue.

License

MIT


Built with ❤️ by Rodolf


Quick setup
Installation guide for this server

Install the package (if needed)

npx @modelcontextprotocol/server-mcp-scan

Cursor configuration (mcp.json)

{
  "mcpServers": {
    "rodolfboctor-mcp-scan": {
      "command": "npx",
      "args": ["rodolfboctor-mcp-scan"]
    }
  }
}