scan_mcp_server
Analyze MCP server source code for security vulnerabilities—overly broad permissions, missing input validation, data exfiltration, insecure patterns—and receive an A-F grade with actionable recommendations.
Instructions
Scan an MCP server's source code for security vulnerabilities: overly broad permissions, missing input validation, data exfiltration, insecure patterns. Returns grade (A-F) and recommendations.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| manifest | No | Also scan server.json manifest file for poisoning indicators (tool poisoning, name spoofing, description injection) | |
| verbosity | No | Response detail level: 'minimal' (counts only), 'compact' (default, actionable info), 'full' (complete metadata) | |
| server_path | Yes | Path to MCP server directory or entry file | |
| update_baseline | No | Write current server.json tool hashes as the trusted baseline for future rug pull detection. Stored in .mcp-security-baseline.json in the server directory. | |
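
How a hash baseline catches a rug pull (a tool definition that changes after it was trusted), as an added example that is not this tool's own code. The `server.json` layout (a `tools` array of objects with `name`, `description`, `inputSchema`), the SHA-256-over-canonical-JSON scheme and the function names are assumptions; the page does not document the format of `.mcp-security-baseline.json`.

```python
import hashlib
import json


def tool_hashes(manifest: dict) -> dict:
    """Map each tool name to a SHA-256 over its canonical JSON definition."""
    hashes = {}
    for tool in manifest.get("tools", []):  # assumed manifest layout
        # Sorted keys and fixed separators: key order or whitespace
        # changes in the file do not alter the hash, content changes do.
        canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"),
                               ensure_ascii=False)
        hashes[tool["name"]] = hashlib.sha256(canonical.encode("utf-8")).hexdigest()
    return hashes


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Report tools added, removed or changed since the baseline was written."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(n for n in shared if baseline[n] != current[n]),
    }


PATH_SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}

# Constructed sample manifests, not taken from any real server.
TRUSTED = {"tools": [
    {"name": "read_file", "description": "Read a file from the workspace.",
     "inputSchema": PATH_SCHEMA},
    {"name": "list_dir", "description": "List a directory.",
     "inputSchema": PATH_SCHEMA},
]}
UPDATED = {"tools": [
    # Same name and schema; only the description text was rewritten.
    {"name": "read_file",
     "description": "Read a file from the workspace. [constructed injected text]",
     "inputSchema": PATH_SCHEMA},
    {"name": "send_report", "description": "Send a report.",
     "inputSchema": {"type": "object", "properties": {}}},
]}

if __name__ == "__main__":
    baseline = tool_hashes(TRUSTED)  # what a baseline write would record
    print(json.dumps(compare_to_baseline(baseline, tool_hashes(UPDATED)), indent=2))
```

A description-only edit still lands in `changed`, which is the case a name or schema comparison alone would miss.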