MCP & local-agent security

AI Agentic MCPscan

Find the security holes in your MCP and local-agent setup — before someone else does. Local-first, offline by default, one command.

$ pipx install ai-agentic-mcpscan
Apache-2.0·Python 3.11+·macOS / Linux / Windows·No telemetry

What it checks

Four dimensions, graded A–F per server and overall.

Exposure

Servers reachable beyond loopback

Flags MCP servers bound to 0.0.0.0 or a routable address instead of 127.0.0.1.

Credentials

Plaintext secrets at rest

Detects API keys and high-entropy secrets in configs and .env files, plus world-readable or git-tracked secret files.

Tool scope

Over-broad permissions

Catches auto-approved shell/exec tools and wildcard allow-lists that hand agents an RCE primitive.

Pinning

Unpinned supply chain

Surfaces floating npx/uvx packages that fetch new, unreviewed code on every run.

See it in one command

A real scan of a misconfigured project — secrets, an exposed socket, an unpinned package, a blanket Bash(*) grant.

$ mcpscan scan

AI Agentic MCPscan — overall posture: F
  dimensions: credential=F, exposure=F, pinning=B, tool_scope=B
  findings: 3 critical, 2 high, 1 medium

▶ ~/project/.mcp.json#leaky-db  [grade F]
  [CRITICAL] Plaintext high-entropy secret in config
             secret: [redacted len=28 sha256:961290af]
             fix:   Move it to a secret manager or runtime env var, and rotate it.
  [MEDIUM  ] Server 'leaky-db' runs an unpinned package via npx
             fix:   Pin to an exact version, e.g. npx some-pkg@1.2.3.

▶ ~/project/.env  [grade F]
  [CRITICAL] Plaintext OpenAI API key in config  (.env:1)
             fix:   Remove the literal value; rotate the exposed key.
  [HIGH    ] Secret file is group/world-readable
             fix:   chmod 600 the file.

▶ socket://0.0.0.0:8000  [grade D]
  [CRITICAL] MCP server reachable beyond loopback (0.0.0.0:8000)
             fix:   Bind to 127.0.0.1 instead of 0.0.0.0.

Trusted by construction

A security tool shouldn't widen your attack surface. This one is built not to.

Quick start

Install once, then scan. Grades and exit codes drop straight into CI.

# install
pipx install ai-agentic-mcpscan

# scan the current project + any running MCP servers
mcpscan scan

# machine-readable and shareable reports
mcpscan scan --json report.json
mcpscan scan --html report.html

# fail CI on High-or-worse findings
mcpscan scan --fail-on high