Security●●Solid
Open-source security scanner for MCP (Model Context Protocol) servers
MCP-specific guardrails when Claude ecosystem lacks native security scanning.
Solve My ProblemDark Horse
neuralweaves
203mo ago
Back to browse
GitHub Repository
OWASP MCP Top 10 security scanner for Model Context Protocol servers
3 starsGo
MCPSec – OWASP MCP Top Scanner for Model Context Protocol Configs
by iamdesertpaul·Mar 6, 2026·2 points·0 comments
AI Analysis
●●SolidSolve My ProblemNiche Gem
First MCP security scanner addressing early Docker Hub moment—but audience is still nascent.
Strengths
- •Timely and forward-thinking: MCP is young, misconfigurations (hardcoded keys, wildcard permissions) are real and invisible to most users.
- •Well-designed for integration: OCSF JSON output, pluggable YAML rules, GitHub Action, Homebrew distribution, and CLI flexibility.
- •Proper security tool UX: fail-on severity filtering, multiple output formats, auto-detects Claude Desktop config paths.
Weaknesses
- •Market timing risk: MCP adoption is still early; tool value depends on ecosystem maturity and developer awareness of MCP-specific risks.
- •No public track record of real detections or disclosed issues; value remains hypothetical until production use validates the threat model.
Category
Target Audience
Developers running MCP servers locally or in CI (Claude Desktop, Cursor, VS Code, DXT extensions); security teams auditing AI tool configs
Similar To
Prowler (AWS) · Trivy (container scanning) · Checkov (IaC scanning)
Post Description
Most developers running MCP servers locally or in CI have no idea what's in
their config files. Hardcoded API keys, missing auth, tools with wildcard
permissions — it's the early days of Docker Hub all over again.
MCPSec scans MCP server configs (Claude Desktop, Cursor, VS Code, DXT extensions) for the OWASP MCP Top 10 risks. Written in Go, outputs OCSF JSON, has a pluggable YAML rules engine for community detections.
Similar Projects
Security●●Solid
Mcpsec-A multi-agent SEC gate for MCP toolchains (scan →harden →rescan)
MCP-specific security scanning with LLM-powered attack simulation, but assumes MCP adoption maturity that doesn't exist yet.
Big BrainBold Bet
Yuvraj_exe
103mo ago
Security●●Solid
MCPShield – Supply chain security scanner for MCP servers
Think “Snyk for MCP configs”: Levenshtein-based typosquat detection, CVE lookups, hardcoded-credential scans and permission checks, plus CI-friendly exit codes. Auto-discovery for clients like Claude, Cursor and VS Code shows practical attention to workflows. It’s an early release — the value hinges on maintaining the package/CVE databases and tuning detection heuristics.
Niche GemShip It
ethanmizrahi
133mo ago
Security●●Solid
mcpguard – security scanner and firewall for MCP servers
OWASP MCP Top 10 scanner and proxy firewall for AI agent tool calls.
Niche GemSolve My ProblemShip It
GTprojects
2016d ago
Security●●●Banger
MCPHound MCP servers together, create attack paths solo scanners miss
Attack graph across MCP servers catches chains no single-server scanner finds; solves actual new problem.
Zero to OneBig BrainWizardry
tayler123
103mo ago
Developer Tools●●Solid
Manceps – Ruby Client for the Model Context Protocol (MCP)
Ruby MCP client with httpx persistence when other options break persistent connections.
Niche GemShip It
obiefernandez
102mo ago