Security scanner for Model Context Protocol (MCP) servers. Audits running servers against the OWASP MCP Top 10 and outputs console, JSON, and SARIF reports. Runs as a CLI or as an MCP server itself.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Security scanner for Model Context Protocol (MCP) servers. Audits running servers against the OWASP MCP Top 10 and outputs console, JSON, and SARIF reports. Runs as a CLI or as an MCP server itself.