Scan an MCP server or agent config for injection, exfiltration, and risky capabilities.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Scan an MCP server or agent config for injection, exfiltration, and risky capabilities.