Do I need to be a developer to understand the report?

No, the skill defaults to plain-language assessments and uses everyday analogies to explain security concepts to non-technical users.

What security risks does it look for?

It checks for critical vulnerabilities including hardcoded secrets, command injection, data exfiltration, and other OWASP MCP Top 10 categories.

Can it scan private repositories?

Currently, the skill requires public access to the source code to perform its security, functional, and legal analysis.

What repositories can MCP Scanner analyze?

It can scan GitHub repositories, npm packages, PyPI packages, and direct source file links to provide a comprehensive evaluation.

MCP Scanner

Name: MCP Scanner
Author: jbdamask

byjbdamask

•

セキュリティとテスト

Evaluates third-party Model Context Protocol (MCP) servers for security vulnerabilities, functionality, and legal compliance before installation.

概要

MCP Scanner provides a comprehensive safety net for developers and users exploring the Model Context Protocol ecosystem. By fetching and analyzing source code from repositories like GitHub, npm, and PyPI, the skill identifies potential security risks such as hardcoded secrets or command injection, verifies legal compliance via license checks, and assesses whether the tool's features align with user requirements. It bridges the gap between technical complexity and user safety by delivering clear, jargon-free assessments while offering deep-dive technical reports based on the OWASP MCP Top 10 upon request.

主な機能

Automated security auditing against OWASP MCP Top 10 standards
Source code analysis to detect malicious patterns and hardcoded secrets
Plain-language safety reports using intuitive real-world analogies
Functionality assessment to confirm the tool meets specific user needs
Legal and licensing compliance verification for commercial or personal use
1 GitHub stars

ユースケース

Verifying if an npm-based MCP package has a permissive license for enterprise or commercial use
Performing a technical security audit on an unmaintained MCP server to identify potential risks
Checking the safety of a new GitHub-hosted MCP tool before adding it to your Claude environment

概要

主な機能

Automated security auditing against OWASP MCP Top 10 standards
Source code analysis to detect malicious patterns and hardcoded secrets
Plain-language safety reports using intuitive real-world analogies
Functionality assessment to confirm the tool meets specific user needs
Legal and licensing compliance verification for commercial or personal use
1 GitHub stars

ユースケース

Verifying if an npm-based MCP package has a permissive license for enterprise or commercial use
Performing a technical security audit on an unmaintained MCP server to identify potential risks
Checking the safety of a new GitHub-hosted MCP tool before adding it to your Claude environment