FREE · NO LOGIN · READ-ONLY
MCP Server Security Scan
Paste a Streamable-HTTP / SSE MCP endpoint. Get an instant A–F grade.
Scan console
—
Scans run
—
% with ≥1 finding
—
Top issue class
What we check
Tool Poisoning
Hidden instructions, zero-width unicode, and credential-baiting parameter names inside tool descriptions.
Command Injection
Shell-adjacent tools that accept free-form strings — the OX 'Mother of all AI supply chains' class.
Resource SSRF
Resource URIs pointing at cloud metadata (169.254.169.254), loopback, or path-traversal file:// targets.
Prompt Injection
Override-style instructions embedded in resource content the agent reads as authoritative.
OAuth & Settings
Open dynamic client registration and tools advertising auto-approval / consent bypass.
Server Identity
Servers self-reporting a trusted vendor name (@anthropic, @modelcontextprotocol) from an unrelated host.
How it stays safe
- · Read-only. We enumerate tools & resources — we never fire exploits at a server we don't own.
- · SSRF-guarded & DNS-pinned: private, loopback and metadata addresses are rejected.
- · Zero LLM calls — pure static heuristics, so it's genuinely free.
- · Don't want your server scanned? Publish
/.well-known/mcp-scan-opt-out.
Non-destructive read-only probing. By scanning you agree to our terms.