Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Scan MCP servers for prompt injection, data exfiltration, risky permissions, supply-chain threats, and privilege escalation before your agent blindly trusts them.

First run downloads a ~10MB Go binary from GitHub Releases and caches it at . Subsequent runs use the cached binary with no download.

- Prompt injection and tool poisoning hidden in descriptions
- Excessive permissions such as , , , and
- Supply-chain CVEs and known compromised package versions
- Suspicious npm lifecycle scripts that execute…