Scan any MCP server

Scan your MCP server

Run a live security scan against 164 deterministic detection rules. Submit a URL, paste your MCP client config, or point at a GitHub repo or npm package. Every successful scan is added to the public registry.

A remote MCP server endpoint (HTTP / SSE).

Read-only — MCP Sentinel only calls initialize and tools/list. It never invokes your tools.

What gets checked

Live URL & config

Connects over MCP, enumerates tools, resources and prompts, and runs the description, schema, protocol-surface and adversarial-AI rule families (~60–80 rules).

GitHub / npm source

Fetches the source and dependency manifest, unlocking the full 164-rule suite — including code-analysis, dependency and supply-chain rules. Takes a little longer.

Honest coverage

Every report carries a confidence band so a metadata-only URL scan is never mistaken for a full source-backed analysis.