MCP Server

mcp-sentinel-scanner

Scan any MCP server against 177 security detection rules — directly from Claude, Cursor, or any MCP client.

npx mcp-sentinel-scanner

Quick Setup

1

Add to Claude Desktop

Open your Claude Desktop config and add the scanner as an MCP server:

{
  "mcpServers": {
    "mcp-sentinel-scanner": {
      "command": "npx",
      "args": ["-y", "mcp-sentinel-scanner"]
    }
  }
}
2

Ask Claude to scan

Just ask in natural language. The scanner exposes three tools that Claude can call:

Scan a live endpoint“Scan the MCP server at https://api.example.com/mcp for security issues”
Analyze server metadata“Check this MCP server's tools for prompt injection risks”
List detection rules“What security rules does the scanner check for?”
3

Get actionable results

Every finding includes evidence (what triggered it) and remediation (how to fix it).

Available Tools

scan_server

Analyze server metadata without a live connection. Pass tools, descriptions, source code, and dependencies. Returns findings + score.

Input: tools, source code, dependenciesOutput: findings + 0-100 score

scan_endpoint

Connect to a live MCP server endpoint. Enumerates tools via initialize + tools/list (safe, read-only), then runs all 177 detection rules.

Input: endpoint URLOutput: findings + score + connection info

list_rules

List all available detection rules. Filter by category or severity to explore specific rule sets.

Input: optional category/severity filterOutput: rule list with names, categories, severity

Example Output

What a scan result looks like:

{
  "server_name": "my-mcp-server",
  "total_score": 62,
  "rating": "Moderate",
  "findings_count": 3,
  "findings": [
    {
      "rule": "Prompt Injection in Tool Description",
      "severity": "critical",
      "evidence": "Tool description contains injection pattern:
        'ignore all previous instructions'",
      "remediation": "Remove instruction-like language from
        tool descriptions. Use factual, concise descriptions."
    },
    {
      "rule": "Hardcoded Secrets",
      "severity": "high",
      "evidence": "Hardcoded API key pattern detected:
        sk-proj-abc123...",
      "remediation": "Move secrets to environment variables.
        Never hardcode API keys in source code."
    },
    {
      "rule": "Missing Input Validation",
      "severity": "medium",
      "evidence": "Parameter 'query' has type string with
        no maxLength, pattern, or enum constraint.",
      "remediation": "Add maxLength, pattern, or enum
        constraints to string parameters."
    }
  ],
  "score_breakdown": {
    "total_score": 62,
    "code_score": 85,
    "deps_score": 100,
    "config_score": 92,
    "description_score": 50,
    "behavior_score": 100
  }
}

Score Interpretation

80-100GoodLow risk. Minor or no findings.
60-79ModerateSome issues found. Review recommended.
40-59PoorSignificant issues. Fix before deploying.
0-39CriticalSevere vulnerabilities. Do not use in production.

Detection Coverage

177 rules across 17 categories

Description AnalysisPrompt injection, unicode attacks, encoded instructions
9
Schema AnalysisMissing validation, dangerous defaults, unconstrained properties
7
Code AnalysisCommand injection, SSRF, SQL injection, hardcoded secrets
16
Dependency AnalysisKnown CVEs, typosquatting, malicious packages
7
Behavioral AnalysisMissing auth, insecure transport, response anomalies
4
Ecosystem ContextLethal trifecta, exfiltration chains, data flow risks
7
Adversarial AIIndirect injection, rug pull, context saturation
7
Attack SurfaceOAuth vulnerabilities, initialize injection, multi-agent
3
Protocol SurfaceAnnotation deception, sampling abuse, consent fatigue
16
Threat IntelligenceGit injection, schema poisoning, config poisoning
7
Compliance & GovernanceNIST, ISO 27001, EU AI Act, OWASP Agentic
20
Advanced DetectionSupply chain, AI runtime, data privacy, infrastructure
74

Safety

The scanner never invokes tools on target servers. It only calls initialize and tools/list for enumeration. All analysis is deterministic — no LLM calls, no false positives from probabilistic models.

Other MCP Clients

Works with any MCP-compatible client:

CursorSettings → MCP → Add Server
VS Code (Copilot).vscode/mcp.json
Windsurf~/.codeium/windsurf/mcp_config.json
Claude Codeclaude mcp add mcp-sentinel-scanner