MCP Security · open source · runs locally

Audit any MCP server in under three seconds.

MCP servers hand tools, resources, and prompts to LLM agents — each one a fresh attack surface. scan-my-mcp connects to a server, does a real handshake, enumerates everything it exposes, and runs six categories of static checks against the result.

HTTP transport · 24 individual checks · no data leaves your machine

01

Run a scan

runs locally · no data leaves your machine
Streamable HTTP / SSE endpoint
scans run synchronously — first one takes 1–3s

02

How it works

five steps, end to end
STEP 1
Connect: HTTP · SSE

Opens a connection to your MCP server endpoint. Supports both Streamable HTTP and legacy SSE transports.

STEP 2
Handshake: MCP initialize

Sends a standard MCP initialize request and captures the server name, version, protocol revision, and any declared capabilities.

STEP 3
Enumerate: tools · resources · prompts

Calls tools/list, resources/list, and prompts/list to collect every definition the server exposes to an LLM agent.

STEP 4
Check: 6 categories

Runs six offline security checks against the collected definitions — secret exposure, auth enforcement, dangerous permissions, input validation, prompt injection, and context-window cost.

STEP 5
Score: 0 – 100

Produces a weighted 0–100 security score. Criticals subtract 30 points each; highs subtract 15. Severity caps ensure a server with leaked secrets can never rate Safe.


03

What we check

six categories of MCP-specific risk
01

Authentication

Probes whether unauthenticated requests can list and call tools. Flags servers that expose tools with no auth, or only partial enforcement.

02

Prompt injection

Scans every tool description for hidden instructions, role-redefining language, jailbreak patterns, and HTML smuggled into the model context.

03

Permissions

Detects tools that claim destructive capabilities — filesystem writes, code execution, network egress — and warns when claims mismatch the schema.

04

Secrets exposure

Greps tool descriptions, resource URIs and prompt templates for leaked API keys, tokens, and other credential-shaped strings.

05

Schema validation

Inspects each tool's input schema. Reports tools with no schema, untyped parameters, and unconstrained strings that resist safe validation.

06

Context bloat

Measures how much of the model's context window the server burns by being connected — large tool counts and verbose descriptions degrade reliability.
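
The schema validation category (05) can be illustrated with a short offline check over a tools/list result. This is an added example, not scan-my-mcp's own code: the sample tool definitions are constructed, the finding labels are hypothetical, and which JSON Schema keywords count as "constraining" a string is an assumption.

```python
# Constructed sample, shaped like the "tools" array of an MCP tools/list result.
SAMPLE_TOOLS = [
    {"name": "read_file", "description": "Read a file",
     "inputSchema": {"type": "object", "required": ["path"],
                     "properties": {"path": {"type": "string"}}}},
    {"name": "run_query", "description": "Run a query",
     "inputSchema": {"type": "object",
                     "properties": {"sql": {}, "limit": {"type": "integer"}}}},
    {"name": "ping", "description": "Health check"},  # no inputSchema at all
    {"name": "set_mode", "description": "Switch mode",
     "inputSchema": {"type": "object", "additionalProperties": False,
                     "properties": {
                         "mode": {"type": "string", "enum": ["ro", "rw"]},
                         "tag": {"type": "string", "maxLength": 32,
                                 "pattern": "^[a-z0-9-]+$"}}}},
]

# Keywords that say what kind of value a parameter is (assumed list).
TYPE_KEYWORDS = ("type", "enum", "const", "$ref", "anyOf", "oneOf", "allOf")
# Keywords that bound what a string parameter may contain (assumed list).
STRING_CONSTRAINTS = ("enum", "const", "pattern", "maxLength")


def check_tool_schema(tool):
    """Return (tool, parameter, finding) tuples for one tool definition."""
    name = tool.get("name", "<unnamed>")
    schema = tool.get("inputSchema")
    if not isinstance(schema, dict) or not schema:
        return [(name, None, "no-schema")]
    findings = []
    for param, spec in (schema.get("properties") or {}).items():
        if not isinstance(spec, dict) or not any(k in spec for k in TYPE_KEYWORDS):
            findings.append((name, param, "untyped-parameter"))
            continue
        types = spec.get("type")
        types = types if isinstance(types, list) else [types]
        if "string" in types and not any(k in spec for k in STRING_CONSTRAINTS):
            findings.append((name, param, "unconstrained-string"))
    return findings


def scan_schemas(tools):
    """Run the schema check over every enumerated tool."""
    return [f for tool in tools for f in check_tool_schema(tool)]


if __name__ == "__main__":
    for finding in scan_schemas(SAMPLE_TOOLS):
        print(finding)
```

Only top-level properties are inspected here; nested objects and array items would need a recursive walk.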