MCP ExplorerExplorer

Mcp Security Scan

@sxhxliangon 9 months ago
1 MIT
FreeCommunity
AI Systems
MCP-security-scan: Security scanner for Model Context Protocol servers and tools

Overview

What is Mcp Security Scan

mcp-security-scan is a security scanner designed for Model Context Protocol (MCP) servers and tools. It detects and verifies the security of server configurations, prompts, resources, and tools within MCP configuration files.

Use cases

Use cases for mcp-security-scan include validating the security of server configurations in development environments, ensuring compliance with security standards in production systems, and performing regular security audits on MCP-based applications.

How to use

To use mcp-security-scan, install it via Cargo with the command cargo install --path .. Then, run the scanner by providing the configuration file path using the command mcp-security-scan [configuration_file_path]. Advanced options include specifying a storage path for scan results and setting a base URL for the validation API.

Key features

Key features of mcp-security-scan include scanning server configurations in MCP files, automatic validation of entities’ security, support for review mode with Chinese translations, compatibility with multiple MCP server types (SSE/Stdio), real-time display of scan progress and results, whitelist management, and historical scan record tracking.

Where to use

mcp-security-scan can be used in various fields where Model Context Protocol servers are implemented, including software development, security auditing, and compliance verification.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Content

MCP 安全扫描工具

项目简介

MCP安全扫描工具是一个用于检测和验证MCP(Model Context Protocol)配置文件中服务器、提示词(prompts)、资源(resources)和工具(tools)安全性的Rust应用程序。

核心功能

  • ✅ 扫描MCP配置文件中的服务器配置
  • ✅ 自动验证服务器中的实体(prompts/resources/tools)安全性
  • ✅ 支持审查模式,将prompts/resources/tools描述装换成中文
  • ✅ 支持多种MCP服务器类型(SSE/Stdio)
  • ✅ 实时显示扫描进度和结果
  • ✅ 支持白名单管理功能
  • ✅ 记录扫描历史并检测配置变更

技术栈

  • 语言: Rust
  • 主要依赖:
    • rmcp - MCP协议实现
    • serde - 序列化/反序列化
    • chrono - 时间处理
    • colored - 终端彩色输出

安装与使用

安装

cargo install --path .

基本用法

mcp-security-scan [配置文件路径]

高级选项

  • --storage-path: 指定存储扫描结果的路径
  • --base-url: 设置验证API的基础URL
  • --reset-whitelist: 重置白名单

工作原理

  1. 解析MCP配置文件,提取服务器配置
  2. 连接到每个服务器并获取所有实体(prompts/resources/tools)
  3. 计算每个实体的MD5哈希值(基于描述信息)
  4. 通过验证API检查实体安全性
  5. 记录扫描结果并与历史记录比较
  6. 支持白名单功能跳过已验证的安全实体

配置示例

{
  "mcpServers": {
    "example_server": {
      "url": "http://example.com/sse",
      "type": "sse"
    },
    "local_mcp": {
      "command": "npx",
      "args": [
        "-y",
        "example-server"
      ]
    }
  }
}

贡献指南

欢迎提交Pull Request!请确保:

  1. 代码符合Rust惯用写法
  2. 包含适当的测试用例
  3. 更新相关文档

许可证

MIT

Dev Tools Supporting MCP

The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.

Zed

Zed: High-performance collaborative code editor, supports MCP protocol, providing a smooth programming experience. zed.dev

Cursor

Cursor: AI code editor built on VS Code, supports MCP protocol for context-aware programming. cursor.com

Windsurf

Windsurf: AI code editor from Codeium, integrates MCP protocol to provide intelligent code assistance. windsurf.com

Continue

Continue: Open-source AI programming assistant plugin, supports VS Code and JetBrains, compatible with MCP protocol. continue.dev

Trae

Trae: AI-driven code editor, supports MCP protocol, focusing on enhancing developer programming experience. trae.ai

View More MCP Dev Tools

Tools

No tools

Comments

Recommend MCP Servers

Tavily MCP Server

Tavily MCP Server The Tavily MCP server provides: search, extract, map, crawl tools Real-time web search capabilities through the tavily-search tool Intelligent data extraction from web pages via the tavily-extract tool Powerful web mapping tool that creates a structured map of website Web crawler that systematically explores websites.

MCP Server Chart

MCP Server Chart This is a TypeScript-based MCP server that provides chart generation capabilities. It allows you to create various types of charts through MCP tools. You can also use it in Dify.

GitHub MCP Server

GitHub MCP Server MCP Server for the GitHub API, enabling file operations, repository management, search functionality, and more.

Brave Search MCP Server

Brave Search MCP Server Web and local search using Brave's Search API

Firecrawl MCP Server

Firecrawl MCP Server Advanced web scraping with JavaScript rendering, PDF support, and smart rate limiting

Context7 MCP

Context7 MCP LLMs rely on outdated or generic information about the libraries you use. You get:

Slack MCP server

Slack MCP server Channel management and messaging capabilities

Sequential Thinking MCP Server

Sequential Thinking MCP Server Dynamic and reflective problem-solving through thought sequences

Fetch MCP Server

Fetch MCP Server A Model Context Protocol server that provides web content fetching capabilities.

Playwright MCP

Playwright MCP A Model Context Protocol (MCP) server that provides browser automation capabilities using [Playwright](https://playwright.dev). This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.

View All MCP Servers