MCPSafe.io
RegistryThreatsMethodologyDocsPricingScanSign in
Grade backed by static analysis + 5 LLMs

MCP Server Security Scanner

Is this MCP server safe to install?

Fast verdict in 3 minutes. Deep LLM-judge consensus in 20 minutes. Public packages free; private repos for teams shipping their own.

Scan an MCP server

Free · No credit card required

Built for developers vetting MCP servers before install, and registry operators publishing safe catalogs.

What we detect

Typosquatting

Flags lookalike package names, unverified publishers, and unpinned dependencies before they reach your install chain.

Static analysis

Detects command injection, SQL injection, SSRF, path traversal, and hardcoded secrets — the code-level bugs that turn MCP servers into exploits.

MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.

Legal

Privacy PolicyCookie PolicyTerms of ServiceSecurity disclosure

Resources

State of MCP SecuritySupportSystem statusMade in Germany 🇩🇪

© 2026 MCPSafe. All rights reserved.

GDPR — Privacy Policy

LLM consensus

Five independent LLM judges uncover tool poisoning, silent rug pulls, indirect prompt injection, and obfuscated intent that pattern matching misses.

Permission audit

Audits each tool's real-world reach — flagging excessive permissions, weak authentication, and network exposure beyond its stated purpose.

View the full threat catalog

How it works

01

Paste any MCP source

GitHub URL, npm scoped package, or pip package — we normalise them all.

02

Parallel analysis

Typosquat, static, behavioral, readiness, and 5-LLM consensus run in parallel.

03

Actionable score report

AIVSS 0–10 score, per-tool findings, CWE mapping, and copy-safe config.

FAQ

Is MCPSafe free?+

Yes — scanning is free for everyone, no credit card, no signup required. Signed-in users get higher rate limits and scan history.

What can I scan?+

GitHub URLs (github.com/owner/repo), npm packages (scoped or unscoped), PyPI packages, Docker images (Docker Hub or GHCR), and MCP registry IDs (io.github.owner/server). Pin a specific version with @version.

See all supported targets
What is the AIVSS score?+

AIVSS (AI Vulnerability Scoring System) extends CVSS with agentic-threat factors like tool poisoning, prompt injection, and over-permissive tool access. Scored 0–10 where lower is safer.

Read the AIVSS scoring methodology
How do you reduce false positives?+

5 independent LLM judges from multiple providers vote on each finding. We only flag what consensus agrees on — reducing noise from any single model's blind spots.

How fresh are the results?+

We fingerprint the commit/version on every request. Previously scanned packages return in under a second from cache; new commits automatically trigger a rescan.

Can I embed a badge in my README?+

Yes — every scanned package gets a live SVG badge showing its current grade. See the Badges page for snippets.

Ship safer MCP integrations.

Sign up free. No credit card required.

Create free account