GitHub Repository

Static source code security analysis for MCP servers

1 star · TypeScript

Sigil – source code security analysis for MCP servers (open source)

by sigildev · Mar 5, 2026 · 2 points · 0 comments

AI Analysis

●●● Banger · Zero to One · Wizardry · Solve My Problem

Source-code MCP security auditing. Existing scanners check tool descriptions; Sigil reads the actual server code.

Strengths
  • Addresses a real, quantified threat (34% command injection, 82% path traversal in MCP implementations)
  • 16 rules mapped to documented attack vectors and CVEs, not hand-wavy heuristics
  • Deterministic trust scoring (0–100) with exit codes for CI/CD gating—production-ready immediately
Weaknesses
  • MCP ecosystem still young; adoption depends on community standardization around security tooling
  • Only TypeScript and Python; C++ or Go MCP servers not covered yet
Category
Target Audience

MCP server developers, AI agent builders, DevOps engineers integrating external tools

Similar To

Semgrep · Checkmarx

Similar Projects

Security · ●● Solid

MCP-scan – Security scanner for MCP server configs

First security scanner for MCP configs as the protocol gains adoption.

Niche Gem · Ship It
AbanoubRodolf · 102mo ago

Security · ●●● Banger

Mcpaudit – static security scanner for MCP servers

First static analyzer for MCP servers catching command injection before you plug it in.

Zero to One · Solve My Problem
allenwu06 · 3024d ago