GitHub Repository

Security scanner for MCP server configurations. Detects secrets, CVEs, permission issues, and exfiltration vectors across 10 AI tool clients.

23 stars · TypeScript

MCP-scan – security scanner for MCP server configs

by AbanoubRodolf·Mar 24, 2026·1 point·0 comments

AI Analysis

●● Solid · Solve My Problem · Ship It

Catches typosquatting and leaked secrets in MCP configs before deployment.

Strengths
  • Detects 43+ API key formats directly in env vars and config args.
  • Typosquatting scanner catches homoglyphs and character swaps in package names.
  • Works as both CLI tool and importable library for CI integration.
Weaknesses
  • npm-only limits adoption; no Python or Rust version for non-JS ecosystems.
  • MCP ecosystem is still nascent — may be premature for most teams.
Category
Target Audience

Developers using MCP servers in Cursor, VS Code, or other AI tooling

Similar To

Socket.dev · npm audit · Snyk

Similar Projects

Security · ●● Solid

MCP-scan – Security scanner for MCP server configs

First security scanner for MCP configs as the protocol gains adoption.

Niche Gem · Ship It
AbanoubRodolf
102mo ago
Security · ●● Solid

mcpguard – security scanner and firewall for MCP servers

OWASP MCP Top 10 scanner and proxy firewall for AI agent tool calls.

Niche Gem · Solve My Problem · Ship It
GTprojects
2013d ago
Security · ●● Solid

Mcpsec - A multi-agent SEC gate for MCP toolchains (scan → harden → rescan)

MCP-specific security scanning with LLM-powered attack simulation, but assumes MCP adoption maturity that doesn't exist yet.

Big Brain · Bold Bet
Yuvraj_exe
103mo ago