I find academic articles and books for research and literature reviews.
Private
escaneo de MCP
2025-06-05
Una herramienta de escaneo de seguridad para servidores MCP
6
Github Watches
13
Github Forks
227
Github Stars
MCP-Scan: An MCP Security Scanner
<img/ alt="escaneo de MCP image">
MCP-Scan is a security scanning tool designed to go over your installed MCP servers and check them for common security vulnerabilities like prompt injections, tool poisoning and cross-origin escalations.
Quick Start
To run MCP-Scan, use the following command:
uvx mcp-scan@latest
Example Output
Features
- Scanning of Claude, Cursor, Windsurf, and other file-based MCP client configurations
- Scanning for prompt injection attacks in tool descriptions and tool poisoning attacks using Invariant Guardrails
- Detection of cross-origin escalation attacks (tool shadowing)
- Tool Pinning to detect and prevent MCP rug pull attacks, i.e. detects changes to MCP tools via hashing
- Inspecting the tool descriptions of installed tools via
uvx mcp-scan@latest inspect
How It Works
MCP-Scan searches through your configuration files to find MCP server configurations. It connects to these servers and retrieves tool descriptions.
It then scans tool descriptions, both with local checks and by invoking Invariant Guardrailing via an API. For this, tool names and descriptions are shared with invariantlabs.ai. By using MCP-Scan, you agree to the invariantlabs.ai terms of use and privacy policy.
Invariant Labs is collecting data for security research purposes (only about tool descriptions and how they change over time, not your user data). Don't use MCP-scan if you don't want to share your tools.
MCP-scan does not store or log any usage data, i.e. the contents and results of your MCP tool calls.
CLI parameters
usage: uvx mcp-scan@latest [--checks-per-server CHECKS_PER_SERVER] [--storage-file STORAGE_FILE] [--base-url BASE_URL] [--server-timeout SERVER_TIMEOUT] [files ...]
[FILE1] [FILE2] [FILE3] ...
Different file locations to scan. This can include custom file locations as long as they are in an expected format, including Claude, Cursor or VSCode format.
inspect
Prints the tool descriptions of the installed tools
help
Prints this help message
options:
--checks-per-server CHECKS_PER_SERVER
Number of checks to perform on each server, values greater than 1 help catch non-deterministic behavior
--storage-file STORAGE_FILE
Path to previous scan results
--base-url BASE_URL Base URL for the Invariant API server.
--server-timeout SERVER_TIMEOUT
Number of seconds to wait while trying an MCP server
Contributing
We welcome contributions to MCP-Scan. If you have suggestions, bug reports, or feature requests, please open an issue on our GitHub repository.
Development Setup
To run this package from source, follow these steps:
uv run pip install -e .
uv run -m src.mcp_scan.cli
Including MCP-scan results in your own project / registry
If you want to include MCP-scan results in your own project or registry, please reach out to the team via mcpscan@invariantlabs.ai, and we can help you with that.
Further Reading
- Introducing MCP-Scan
- MCP Security Notification Tool Poisoning Attacks
- WhatsApp MCP Exploited
- MCP Prompt Injection
Changelog
-
0.1.4.0initial public release -
0.1.4.1inspectcommand, reworked output -
0.1.4.2added SSE support -
0.1.4.3added VSCode MCP support, better support for non-MacOS, improved error handling, better output formatting -
0.1.4.4-5fixes
相关推荐
Confidential guide on numerology and astrology, based of GG33 Public information
Converts Figma frames into front-end code for various mobile frameworks.
Advanced software engineer GPT that excels through nailing the basics.
Take an adjectivised noun, and create images making it progressively more adjective!
Siri Shortcut Finder – your go-to place for discovering amazing Siri Shortcuts with ease
Descubra la colección más completa y actualizada de servidores MCP en el mercado. Este repositorio sirve como un centro centralizado, que ofrece un extenso catálogo de servidores MCP de código abierto y propietarios, completos con características, enlaces de documentación y colaboradores.
Manipulación basada en Micrypthon I2C del expansor GPIO de la serie MCP, derivada de AdaFruit_MCP230xx
Servidor MCP para obtener contenido de la página web con el navegador sin cabeza de dramaturgo.
La aplicación AI de escritorio todo en uno y Docker con trapo incorporado, agentes de IA, creador de agentes sin código, compatibilidad de MCP y más.
Un poderoso complemento Neovim para administrar servidores MCP (protocolo de contexto del modelo)
Puente entre los servidores Ollama y MCP, lo que permite a LLM locales utilizar herramientas de protocolo de contexto del modelo
🧑🚀 全世界最好的 llM 资料总结(数据处理、模型训练、模型部署、 O1 模型、 MCP 、小语言模型、视觉语言模型) | Resumen de los mejores recursos del mundo.
Plataforma de automatización de flujo de trabajo de código justo con capacidades de IA nativas. Combine el edificio visual con código personalizado, auto-anfitrión o nube, más de 400 integraciones.
Reviews
1
(1)
user_vw7Mf84J
2025-04-17
I've been using mcp-scan from invariantlabs-ai and it's truly impressive. It's user-friendly, robust, and efficiently handles complex scanning tasks. The seamless interface and comprehensive documentation make it a top choice for anyone needing reliable scan solutions. Coupled with its powerful capabilities, this tool has become indispensable for me. Highly recommended for anyone looking to streamline their scanning processes. Check it out at https://github.com/invariantlabs-ai/mcp-scan.