Config Scanner
Paste your claude_desktop_config.json or .cursor/mcp.json to find hardcoded secrets, dangerous commands, and insecure settings.
What we check
Hardcoded API keys and secrets
Non-HTTPS server endpoints
Tunneling services (ngrok, localtunnel)
Excessive environment variables
Shell injection in arguments
Servers running with sudo/root
Excessive configured servers
OWASP MCP Top 10 mapping