mcprotect

MCP Servers Run With Your Credentials.
Make Sure They Deserve Them.

Scan your Claude, Cursor, and VS Code MCP configs for hardcoded secrets, excessive permissions, and supply chain risks.

open source (Apache 2.0) · OWASP MCP Top 10 · static analysis only

  • Secrets in Plaintext: API keys sitting in JSON, committed to git, visible to every collaborator
  • Root Filesystem Access: MCP servers reading your SSH keys, env files, and credentials
  • Unvetted Packages: npx -y from npm with no version pinning, no integrity checks

Analyzed in-memory and discarded immediately. Nothing is stored, logged, or transmitted beyond this request.

1. Paste your config: Drop your claude_desktop_config.json, .mcp.json, or any MCP config
2. Static analysis: 8 checks scan for secrets, permissions, transport, and supply chain risks
3. Get findings: Severity-rated findings with OWASP mapping and fix instructions

Each check maps to a category in the OWASP MCP Top 10, the industry standard for MCP security risks.

M1: Tool Poisoning

  • TP-001: hidden instructions in tool descriptions
  • TP-003: tool name shadowing

M2: Excessive Permissions

  • EP-001: unrestricted filesystem access
  • EP-002: shell execution capability

M4: Credential Exposure

  • CE-001: hardcoded secrets in config

M6: Insecure Transport

  • IT-001: unencrypted HTTP transport
  • IT-003: missing auth on remote servers

M7: Supply Chain

  • SC-001: unpinned server versions
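
As an added illustration (not mcprotect's code), the sketch below applies simplified local versions of four of the listed checks, CE-001, SC-001, EP-001 and IT-001, to a constructed config. The heuristics, the sample servers and the `scan_config` name are assumptions; the scanner's own rules may differ.

```python
import json
import re

# Constructed sample config: package names, versions, URL and token are made up.
SAMPLE = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@example/server-github"],
               "env": {"GITHUB_TOKEN": "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-TOKEN"}},
    "files": {"command": "npx",
              "args": ["-y", "@example/server-filesystem@1.2.3", "/"]},
    "remote": {"url": "http://mcp.example.internal/sse"},
    "clean": {"command": "npx", "args": ["-y", "example-server@2.0.1"],
              "env": {"API_KEY": "${API_KEY}"}},
}})

# Heuristics below are assumptions for illustration, not the scanner's own rules.
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY", re.I)
ENV_REFERENCE = re.compile(r"^\$\{?\w+\}?$")  # $VAR or ${VAR}, no literal value
PINNED = re.compile(r"^(@[^/@]+/)?[^@]+@\d+\.\d+\.\d+$")  # exact x.y.z only


def scan_config(text):
    """Return sorted (check_id, server_name) findings for one MCP config."""
    findings = set()
    for name, server in json.loads(text).get("mcpServers", {}).items():
        # CE-001: secret-looking env key holding a literal instead of a reference
        for key, value in server.get("env", {}).items():
            if (SECRET_NAME.search(key) and isinstance(value, str)
                    and value and not ENV_REFERENCE.match(value)):
                findings.add(("CE-001", name))
        args = server.get("args", [])
        # SC-001: npx package spec (first non-flag argument) without a version
        if server.get("command") == "npx":
            package = next((a for a in args if not a.startswith("-")), None)
            if package and not PINNED.match(package):
                findings.add(("SC-001", name))
        # EP-001: filesystem root passed to the server as an argument
        if "/" in args:
            findings.add(("EP-001", name))
        # IT-001: remote endpoint reached over plaintext HTTP
        if str(server.get("url", "")).lower().startswith("http://"):
            findings.add(("IT-001", name))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, server_name in scan_config(SAMPLE):
        print(check_id, server_name)
```

The "clean" server produces no findings because its package is pinned to an exact version and its key is an environment reference rather than a literal.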

Scan configs programmatically. No auth required.

curl -X POST https://api.mcprotect.dev/api/scan \
  -H "Content-Type: application/json" \
  -d '{
    "config_files": [{
      "path": ".mcp.json",
      "content": "{\"mcpServers\": ...}"
    }]
  }'

Response

{
  "scan_id": "scan_abc123",
  "status": "complete",
  "summary": {
    "servers_scanned": 2,
    "findings_total": 4,
    "findings_critical": 1,
    "findings_high": 1,
    "risk_score": 25
  },
  "findings": [
    {
      "check_id": "CE-001",
      "severity": "critical",
      "title": "hardcoded secret in MCP config",
      "server_name": "github",
      "remediation": "remove the hardcoded secret...",
      "owasp_category": "M4 - Credential Exposure"
    }
  ]
}

Supported config formats

  • claude_desktop_config.json (Claude Desktop)
  • .mcp.json (Claude Code)
  • cline_mcp_settings.json (Cline / VS Code)
  • .cursor/mcp.json (Cursor)
  • .vscode/settings.json (VS Code / Copilot)
  • mcp.config.json / mcp.config.ts

  • Configs are analyzed in-memory and discarded after each scan
  • No config data is stored, logged, or used for training
  • The CLI runs entirely locally; nothing leaves your machine
  • The scanner is open source; audit the code yourself