HN Showcase
Back to browse
GitHub Repository

The most comprehensive MCP security scanner — attack paths, tool poisoning, typosquats, CVEs, trust scores, rug-pull detection

1 starsPython

MCPHound MCP servers together, create attack paths solo scanners miss

by tayler123·Mar 5, 2026·1 point·0 comments
Visit ProjectView on HN

AI Analysis

●●●BangerZero to OneBig BrainWizardry

Attack graph across MCP servers catches chains no single-server scanner finds; solves actual new problem.

Strengths
  • Graph-based multi-hop attack detection (filesystem + fetch = exfiltration) is genuinely novel—no existing tool models MCP interactions this way
  • 10 deterministic regex patterns for tool poisoning (POISON-IGNORE-PREV, etc.) catch injection attacks without LLM hallucination risk
  • Zero install via npx with auto-detection of Claude, Cursor, VS Code configs; runs locally, no data exfil
Weaknesses
  • MCP ecosystem is nascent; value proposition only matters if users actually adopt MCP servers at scale
  • Typosquat detection via Levenshtein distance is standard; not a differentiator versus package managers
Category
Security
Target Audience

AI assistant power users, Claude/Cursor configuration managers, security teams vetting AI tool plugins

Similar To

MCPShield · Snyk · Enkrypt

Similar Projects

Security●●Solid

MCP-scan – security scanner for MCP server configs

Catches typosquatting and leaked secrets in MCP configs before deployment.

Solve My ProblemShip It
AbanoubRodolf
102mo ago
Security●●Solid

MCP-scan – Security scanner for MCP server configs

First security scanner for MCP configs as the protocol gains adoption.

Niche GemShip It
AbanoubRodolf
102mo ago
Security●●●Banger

Mcpaudit – static security scanner for MCP servers

First static analyzer for MCP servers catching command injection before you plug it in.

Zero to OneSolve My Problem
allenwu06
3025d ago