mcp-scan  by invariantlabs-ai

CLI tool for MCP server security scanning

created 3 months ago
938 stars

Top 39.9% on sourcepulse

Project Summary

MCP-Scan is a security auditing tool for Model Context Protocol (MCP) servers, designed to identify vulnerabilities like prompt injection, tool poisoning, and cross-origin escalations in AI agent configurations. It targets developers and users of MCP-based systems, offering automated checks and insights into tool security.

How It Works

MCP-Scan reads MCP server configuration files, retrieves tool descriptions, and scans them for vulnerabilities. It combines local checks with Invariant Guardrails, called via an API, for enhanced security analysis. Tool names and descriptions are shared with invariantlabs.ai for security research, and users agree to the terms of use and privacy policies.

Quick Start & Requirements

  • Primary install/run command: uvx mcp-scan@latest or npx mcp-scan@latest
  • Requirements: Node.js (for npx), uv (for uvx). No specific hardware or OS dependencies mentioned.
  • Links: CHANGELOG.md

Highlighted Details

  • Scans Claude, Cursor, Windsurf, and other file-based MCP clients.
  • Detects prompt injection, tool poisoning, and cross-origin escalation (tool shadowing).
  • Features "Tool Pinning" to prevent MCP rug pulls via hashing.
  • Includes an inspect command for viewing tool descriptions without verification.

Maintenance & Community

  • Contributions are welcomed via GitHub issues.
  • Contact for integration: mcpscan@invariantlabs.ai.
  • Further reading available on MCP security and attacks.

Licensing & Compatibility

  • License not explicitly stated in the README.
  • Compatibility for commercial use or closed-source linking is not detailed.

Limitations & Caveats

The tool shares tool descriptions and names with invariantlabs.ai for security research, which may be a concern for users with strict data privacy requirements. The specific license and its implications for commercial use are not clearly defined.

Health Check

  • Last commit: 3 days ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 11
  • Issues (30d): 2
  • Star history: 377 stars in the last 90 days
