MCP Scanner is a free, open-source security tool that scans Model Context Protocol (MCP) servers for vulnerabilities including tool poisoning, prompt injection, rug pulls, and cross-origin escalation attacks.

What vulnerabilities does it detect?

122 rules across 15 categories: tool poisoning, command injection, path traversal, SSRF, credential theft, excessive permissions, missing auth, supply chain risks, rug pulls, data exfiltration, insecure communication, and more.

Yes. Completely free and open source. All features — scanning, config analysis, bulk scan, CI/CD integration, API access, webhooks — available at no cost.

How does the security leaderboard work?

Every scanned server receives a grade from A to F based on 122 security rules. The leaderboard ranks all servers publicly by score.

What is the Model Context Protocol?

MCP is an open protocol that connects AI assistants like Claude, ChatGPT, and Cursor to external tools and data sources.

Trusted by 500+ developers — Join freeStar on GitHub

Scan your MCP servers before attackers do

MCP Scanner is a free, open-source security tool that detects tool poisoning, prompt injection, rug pulls, and cross-origin escalation attacks in Model Context Protocol servers.

Scan Now — Free View on GitHub →

122

Detection Rules

Vulnerability Categories

10/10

OWASP MCP Coverage

What is MCP Scanner?

MCP Scanner analyzes Model Context Protocol (MCP) servers for security vulnerabilities. MCP is the protocol that connects AI agents like Claude, ChatGPT, and Cursor to external tools and data sources. MCP Scanner checks these connections for tool poisoning attacks, prompt injection vulnerabilities, rug pull risks, and cross-origin privilege escalation. It maintains a public leaderboard ranking MCP servers by security score, helping developers choose safe integrations for their AI agent workflows.

[ Capabilities ]

Built for MCP security

Tool Poisoning

12 rules

Detect hidden instructions in tool descriptions that manipulate AI agents into performing unintended actions.

Prompt Injection

14 rules

Find injection vulnerabilities in tool parameters, responses, and metadata that override AI agent behavior.

Rug Pull Prevention

8 rules

Track tool definition changes between scans with SHA-256 hashing. Detect post-approval behavior modifications.

Cross-Origin Escalation

5 rules

Identify shadow MCP servers, proxy relays, and undocumented tool registrations expanding the attack surface.

Credential Theft

12 rules

Detect hardcoded API keys, tokens, and secrets across 15+ providers. Entropy-based detection for unknown patterns.

Config Scanner

New

Paste your claude_desktop_config.json to find dangerous commands, non-HTTPS endpoints, and excessive permissions.

Frequently asked questions

Ready to secure your MCP servers?

Start scanning in seconds. No account required.

Scan Now — Free Read the Docs →

What is MCP Scanner?