mcp-scanner
mcp-scanner is a Python tool/SDK/CLI that scans MCP servers and their exposed tools/prompts/resources/instructions for potential security issues. It supports multiple analysis engines (static YARA rules, an LLM-as-judge workflow, and Cisco AI Defense “inspect” API), plus offline JSON scanning, stdio/remote MCP connections, and optional VirusTotal-based malware detection via hash lookups.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The project supports API keys and OAuth/bearer/custom-header auth for scanning. It also performs outbound calls to external services (LLM provider, Cisco AI Defense, VirusTotal) when enabled, which raises data-handling/privacy considerations. The manifest pins LiteLLM to a specific version and mentions an IOC for a known-bad release, suggesting some hygiene. However, the provided content does not describe secure logging practices for secrets or whether it redacts sensitive data in error reports, so the secret-handling score is moderate rather than high.
⚡ Reliability
Best When
You need automated pre-deployment scanning for MCP components with configurable engines (YARA/LLM/Cisco AI Defense), including optional integration with external threat intelligence (VirusTotal) and/or supply-chain source scanning.
Avoid When
You cannot use third-party services/models (Cisco AI Defense or LLM provider or VirusTotal) and want deterministic results; or you need strict guarantees that the scanner itself will not contact external endpoints (only relevant when optional analyzers are enabled).
Use Cases
- • Assessing MCP servers/tools/prompts/resources for security risks prior to deployment
- • Running CI/CD security checks using offline/static MCP JSON inputs
- • Performing supply-chain style behavioral analysis by scanning MCP server source code
- • Detecting known malicious patterns via YARA rules and LLM-based judgment
- • Enriching findings with VirusTotal hash lookups for bundled artifacts
Not For
- • A replacement for in-depth dynamic security testing or runtime sandboxing
- • Guaranteeing absence of vulnerabilities or malicious behavior
- • A fully self-contained scanner that does not rely on external services/models when those analyzers are enabled
Interface
Authentication
Authentication is configurable via environment variables and explicit auth parameters. The README describes OAuth support and bearer/custom-header options for MCP connections, but does not document fine-grained authorization scopes for the scanner’s own REST API.
Pricing
No pricing details for the scanner itself were provided; it is installed from source/PyPI and relies on external paid services only if corresponding analyzers are enabled.
Agent Metadata
Known Gotchas
- ⚠ Multiple analyzers are optional; behavior and outputs depend on which external services/keys are configured (Cisco AI Defense, LLM provider, VirusTotal).
- ⚠ For remote MCP scans, credentials may be supplied as bearer token or via --header; the docs note custom headers override duplicate Authorization provided via bearer-token.
- ⚠ OAuth is supported for some transport types, but exact parameterization details are not visible in the provided excerpt.
- ⚠ VirusTotal scanning depends on API key presence and include/exclude rules; missing VT key disables malware scanning for hashes.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-scanner.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.