mcp-gateway-scan
This server performs a read-only static scan of a repository or directory for MCP/agent-gateway production-readiness anti-patterns across 7 dimensions, returning a per-dimension red/yellow/green score with structured evidence.
What it scans for:
D1 – RBAC/Tool-access governance: authorization expressed in prompts, missing policy layer
D2 – Fail-close posture: error handlers that silently allow, missing timeouts
D3 – Supply chain pinning: unpinned :latest images, @main refs, unverified packages
D4 – Observability: missing OTel tracing, raw prompts in logs
D5 – Routing & cost controls: missing max_tokens, budget limits, rate limiting
D6 – Secrets & identity: inline secret literals (location only — values always redacted); rewards secret manager and IDP/OIDC wiring
D7 – Production readiness: missing kill-switches, feature flags, 429 handling, eval/red-team gates
Key behaviors:
Returns per-finding evidence with file:line locations for every flagged issue
Accepts an optional ci: true parameter to include a CI gate verdict (fails on any red dimension)
100% read-only — never executes code, makes network calls, or reveals secret values
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@mcp-gateway-scan scan ./my-gateway"
That's it! The server will respond to your query, and you can continue using it as needed.
mcp-gateway-scan
Read-only static scanner for MCP / agent-gateway production-readiness anti-patterns. Point it at a repo, get a 7-dimension red/yellow/green score in seconds.
Built by the team behind the Provenwright MCP Gateway Readiness Audit — a full cited audit with evidence index, scored gap matrix, and 90-day roadmap. Full audit: provenwright.com/audit
npx mcp-gateway-scan ./path/to/your/gateway

It scans your code and config for the failure modes that turn an MCP gateway from a demo into an incident — authorization decided by the model, error handlers that fail open, unpinned supply chains, dark traces, unbounded spend, inline secrets, and missing operational levers — and prints exactly where each one lives.
100% read-only. It only reads files. It never executes your code, never makes network
calls, and never prints a secret value — for inline-secret hits it reports the location
only (<file:line>), with the value redacted.
Install
# one-off
npx mcp-gateway-scan <path>
# or global
pnpm add -g mcp-gateway-scan
mcp-gateway-scan <path>

Requires Node ≥ 18.
Usage
mcp-gateway-scan <path> [options]
Options:
  --json         Machine-readable JSON instead of the terminal report
  --ci           Compact, no-color output for pipelines; exits 1 on any RED
  --no-color     Disable ANSI colors
  -h, --help     Show help
  -v, --version  Print version

Exit codes:
  0  no red dimensions
  1  one or more red dimensions
  2  usage / IO error

Run it inside Claude Code / Cursor (MCP server)
The same package can also run as an MCP server so your agent runs the scan conversationally — just ask it to "scan this repo for gateway-readiness".
Claude Code (one command):
claude mcp add gateway-scan -- npx -y mcp-gateway-scan mcp

Cursor / any MCP client — add to your .mcp.json:
{
  "mcpServers": {
    "gateway-scan": {
      "command": "npx",
      "args": ["-y", "mcp-gateway-scan", "mcp"]
    }
  }
}

Then ask your agent to run the scan_gateway tool:
Input:
{ "path": "<repo or dir>", "ci": false }
(ci optional — adds the CI gate verdict).
Output: a per-dimension 🟢🟡🔴 summary + the structured result. Read-only; scans only the path you give it; secret values stay redacted (location only, never the value).
Same package, two modes — mcp-gateway-scan mcp is the server (use it from your agent); the default mcp-gateway-scan <path> is the CLI (run it directly in a terminal or CI). The mcp subcommand does not change the CLI behavior.
Or find it on Glama
mcp-gateway-scan is listed on the Glama MCP directory,
where you can inspect its tool schema, try it in the browser, or deploy the containerized
server straight from the listing. The build spec and release process are documented in
docs/glama-release.md.
Example output
[RED] D2 Fail-close / fail-open posture S1
Error handlers on the call path return allow/true/ok or pass — the
system fails OPEN. A degraded auth/policy check silently becomes
'allow'. Launch blocker.
✗ gateway.ts:23 fail-open on error path return { allowed: true };
[GREEN] D6 Security, secrets & identity S1
No inline secrets; credentials referenced from a manager/env and
IDP/OIDC identity wiring is present.
✓ docker-compose.yml:7 secret-manager / env reference DATABASE_URL: op://Production/gateway-db/url
SCORE
┌────────┬──────────────────────────────────────────┬─────────┬──────────┐
│ Dim │ Title │ Status │ Severity │
├────────┼──────────────────────────────────────────┼─────────┼──────────┤
│ D1 │ Tool-access governance & RBAC │ RED │ S1 │
│ ... │ ... │ ... │ ... │
└────────┴──────────────────────────────────────────┴─────────┴──────────┘
0 green 0 yellow 7 red

Wire it into CI
--ci prints a compact, greppable summary and exits non-zero on any red dimension, so a
regression (a new fail-open handler, an unpinned image, a committed secret) fails the build:
# .github/workflows/gateway-readiness.yml
- name: MCP gateway readiness scan
  run: npx mcp-gateway-scan ./gateway --ci

RED D2 S1 Fail-close / fail-open posture (findings=1)
RESULT green=4 yellow=2 red=1
VERDICT FAIL — red dimension(s) present; see findings above.

The 7 dimensions
Dim | Checks for |
D1 Tool-access / RBAC | Authorization expressed in prompts; absence of a gateway policy layer |
D2 Fail-close | |
D3 Onboarding / supply chain | |
D4 Observability | Presence/absence of OTel / |
D5 Routing / cost | Missing |
D6 Secrets / identity | Inline secret literals (location only, value redacted); rewards |
D7 Prod-readiness | Missing kill-switch / feature-flag, 429 / rate-limit, eval / red-team gate |
Each dimension is scored 🟢 green / 🟡 yellow / 🔴 red with a severity tag, plus the matched
evidence (file:line). The methodology behind the rubric maps to OWASP Top 10 for LLM
Applications, the MCP spec (2025-06-18), and OpenTelemetry GenAI semantic conventions.
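As an added illustration of the D2 finding shown in the example output (`return { allowed: true }` on an error path), the sketch below puts a fail-open authorization wrapper beside a fail-closed one that also bounds the policy call with a timeout. It is not code from mcp-gateway-scan or its fixtures; `checkPolicy`, the request shape and the timeout values are assumptions made for the example.

```javascript
// "Before": the shape a D2 finding points at. Any error becomes allow.
async function authorizeFailOpen(checkPolicy, request) {
  try {
    return await checkPolicy(request);
  } catch (err) {
    return { allowed: true }; // fail-open: a degraded check silently allows
  }
}

// "After": deny on error, on timeout, and on a malformed decision.
// checkPolicy is a hypothetical client returning { allowed: boolean }.
async function authorizeFailClosed(checkPolicy, request, timeoutMs = 200) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("policy check timed out")), timeoutMs);
  });
  try {
    const decision = await Promise.race([checkPolicy(request), timeout]);
    // Only an explicit boolean true counts as allow.
    if (decision && decision.allowed === true) return { allowed: true };
    return { allowed: false, reason: "denied or malformed decision" };
  } catch (err) {
    return { allowed: false, reason: err.message };
  } finally {
    clearTimeout(timer);
  }
}

// Constructed policy backends for the demonstration.
const healthy = async (req) => ({ allowed: req.role === "admin" });
const broken = async () => { throw new Error("policy service unavailable"); };
const hung = () => new Promise(() => {}); // never settles

async function demo() {
  const req = { tool: "delete_records", role: "viewer" };
  return {
    openOnError: await authorizeFailOpen(broken, req),
    closedOnError: await authorizeFailClosed(broken, req),
    closedOnHang: await authorizeFailClosed(hung, req, 50),
    closedDenied: await authorizeFailClosed(healthy, req),
    closedAllowed: await authorizeFailClosed(healthy, { ...req, role: "admin" }),
  };
}

demo().then((r) => console.log(r));
```

The `reason` field is for the gateway's own logs and traces; the caller only needs the deny.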
Try it on the bundled fixtures
mcp-gateway-scan fixtures/secure # mostly green
mcp-gateway-scan fixtures/vulnerable # mostly red

The fixtures/vulnerable tree contains only fake, non-functional placeholder secrets
(sk-EXAMPLENOTREAL…, AKIAEXAMPLE…) so you can see the redacted-secret output safely.
Accuracy
Every finding is meant to be defensible to a skeptical senior engineer. The scanner
distinguishes prompt content (a system-message string / YAML prompt field) from code
that merely documents a pattern — so a doc comment quoting rg 'only use|if the user is admin' is not flagged as authorization-in-prompt, while the same words inside a real
system prompt are. Comment lines and grep-recipe / regex documentation are suppressed
across all dimensions, and "control present" signals are matched in code/config, not prose.
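A minimal sketch of the two behaviors described above, comment suppression and location-only secret reporting, added here as an example. It is not the scanner's implementation: the regexes, the catch-block tracking and the sample file are assumptions constructed for illustration.

```javascript
// Illustrative patterns only (assumed, not the scanner's real rule set).
const COMMENT = /^\s*(\/\/|#|\/\*|\*)/;
const FAIL_OPEN = /return\s*\{\s*allowed:\s*true\s*\}/;
const SECRET = /\b(sk-[A-Za-z0-9]{8,}|AKIA[A-Z0-9]{8,})/;

const count = (s, ch) => s.split(ch).length - 1;

function scanText(file, text) {
  const findings = [];
  let depth = 0; // brace depth inside the current catch block; 0 = outside
  text.split("\n").forEach((line, idx) => {
    if (COMMENT.test(line)) return; // comment and doc lines are never evidence
    const loc = `${file}:${idx + 1}`;
    const at = line.search(/\bcatch\b/);
    // Only text on an error path is checked for the fail-open pattern.
    const body = depth > 0 ? line : at >= 0 ? line.slice(at) : "";
    if (FAIL_OPEN.test(body)) {
      findings.push({ rule: "D2 fail-open on error path", loc, evidence: line.trim() });
    }
    depth = Math.max(0, depth + count(body, "{") - count(body, "}"));
    if (SECRET.test(line)) {
      // Report where the literal lives, never the literal itself.
      findings.push({ rule: "D6 inline secret literal", loc, evidence: "[REDACTED]" });
    }
  });
  return findings;
}

// Constructed sample file; the key is a fake placeholder.
const SAMPLE = [
  "// docs: never write return { allowed: true } in a catch",
  "async function check(req) {",
  "  try {",
  "    return await policy.check(req);",
  "  } catch (err) {",
  "    return { allowed: true };",
  "  }",
  "}",
  "function ok() { return { allowed: true }; }",
  'const apiKey = "sk-CONSTRUCTEDFAKE0000";',
].join("\n");

console.log(scanText("gateway.ts", SAMPLE));
```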
What this is (and isn't)
This is a fast, free heuristic wedge — a static pattern scanner. A green score is a good signal, not a guarantee; a red score is a concrete pointer to fix. It does not run fault-injection, inspect your live IAM/IDP, or read your traces. That depth is what a full MCP Gateway Readiness Audit provides: a cited Gap Matrix and a sequenced 90-day remediation roadmap.
 | This scanner (free, MIT) | Full MCP Gateway Readiness Audit (paid) |
Method | static pattern checks | read-only review of your live codebase |
Live tests | — | fault-injection (F1–F5), trace verification |
Evidence | matched line | per-finding |
Output | 7-dimension score | cited gap matrix + severity + sequenced 90-day roadmap |
Delivery | instant, automated | expert engagement + live review session |
Need the full audit? This scanner is a free heuristic wedge. The Provenwright MCP Gateway Readiness Audit goes deeper: read-only assessment of your live codebase, per-finding evidence (file + line), a cited Gap Matrix, and a sequenced 90-day remediation roadmap.
See a sample report: provenwright.com/sample/
Full audit info: provenwright.com/audit
Book a 15-min call: cal.com/willianpinho
Email: me@willianpinho.com
License
MIT © Willian Pinho