{"id":"manthanghasadiya-mcpsec","name":"mcpsec","af_score":40.0,"security_score":42.5,"reliability_score":35.0,"what_it_does":"mcpsec is a Python CLI toolchain for security scanning and fuzzing of MCP (Model Context Protocol) servers. It can scan MCP servers via stdio or HTTP, enumerate attack surface, run SAST-like checks (Semgrep rules), and perform runtime fuzzing/generation to find crashes and application-layer vulnerabilities (e.g., SSRF/path traversal/RCE-class indicators), with optional AI-assisted payload generation.","best_when":"You are evaluating your own MCP server/tool ecosystem (including downstream IDE/agent integrations) and can run scans in a controlled/staging environment with safeguards.","avoid_when":"You cannot isolate network/file access for the target, cannot handle potential crashes/DoS from fuzzing, or cannot ensure legal/ethical authorization.","last_evaluated":"2026-03-30T15:38:01.966212+00:00","has_mcp":false,"has_api":false,"auth_methods":["HTTP Bearer token via -H/Authorization header for --http scans"],"has_free_tier":false,"known_gotchas":["Active fuzzing/scanning can crash or DoS the target MCP server.","HTTP scanning requires correctly formatted MCP endpoint/transport path and valid Authorization header if enabled on the target.","AI payload generation requires additional setup (mcpsec setup) and may be sensitive to provider/model configuration."],"error_quality":0.0}