What is tool poisoning in the context of MCP?

Tool poisoning occurs when a malicious server uses names similar to legitimate tools (typosquatting) to trick the LLM into using the wrong tool for sensitive operations.

How do I check if an MCP server is safe?

Use the scan_mcp_server tool with the package name to receive a safety report, risk score, and detailed breakdown of any detected threats or CVEs.

What is MCP Fortress?

MCP Fortress is a security suite for the Model Context Protocol that scans servers for vulnerabilities, malicious code patterns, and prompt injection risks.

Can it detect prompt injection in tools?

Yes, it specifically analyzes tool descriptions for direct instruction injection, system prompt extraction attempts, and role manipulation patterns.

Do I need to install MCP Fortress locally?

You can use it via a remote Smithery URL or install the mcp-fortress npm package locally for use within your Claude Desktop configuration.

MCP Fortress Security Scanner

Name: MCP Fortress Security Scanner
Author: mcp-fortress

bymcp-fortress

•

Seguridad y Pruebas

Protects Model Context Protocol (MCP) ecosystems by scanning servers for vulnerabilities, prompt injection attacks, and malicious tool poisoning.

MCP Fortress is a comprehensive security and runtime protection suite designed specifically for the Model Context Protocol (MCP) ecosystem. It provides critical safety layers for developers by analyzing MCP server packages for CVEs, identifying prompt injection risks within tool descriptions, and detecting 'tool poisoning' where malicious tools attempt to impersonate legitimate ones. Whether you are integrating a new third-party MCP server or auditing your own, this skill ensures your AI environment remains secure, trustworthy, and free from hidden threats through detailed risk scoring and actionable security reports.

Características Principales

012 GitHub stars

02Automated MCP package vulnerability scanning for known CVEs and malicious code patterns.

03Real-time verification of MCP server integrity before installation or configuration.

04Deep analysis of tool descriptions to detect prompt injection and instruction overrides.

05Safety risk scoring (0-100) and clear security reports with actionable recommendations.

06Detection of tool poisoning and typosquatting to prevent malicious tool impersonation.

Casos de Uso

01Verifying the safety and security of a third-party MCP server before installing it.

02Preventing typosquatting attacks where malicious tools shadow legitimate filesystem or system tools.

03Auditing custom MCP tool descriptions for potential prompt injection vulnerabilities.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mcp-fortress/mcp-fortress mcp-fortress

For use in Claude.ai and ChatGPT

Download Skill