MCPCMD
M

mcp-scan

Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt i…

Security
Install Command
npx -y mcp-scan
Claude Desktop Config
{
  "mcpServers": {
    "mcp-scan": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-scan"
      ]
    }
  }
}

mcp-scan is a community MCP server that connects AI assistants like Claude to open-source security scanner for model context protocol (mcp) servers. audits claude desktop, vs code, cursor, windsurf, and 16+ ai tools for secrets, prompt i…. It runs locally on your machine, keeping your data private and giving you full control over the connection. Security teams can leverage it to run checks and gather intelligence through natural-language prompts.

About mcp-scan

Overview

Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt injection, supply-chain risks, and 17+ security checks.

Links

Topics

mcp, security, scanner, audit, model-context-protocol, mcp-scan, mcp-security, mcp-server, claude-desktop, cursor, vscode, windsurf, ai-security, llm-security, prompt-injection, supply-chain-security, secret-detection, typosquatting, data-flow-analysis, sarif, github-action, cli, devtools, security-audit, vulnerability-scanner

Who Should Use mcp-scan?

  • 1Run security scans and vulnerability checks from your AI assistant
  • 2Automate compliance checks and audit log reviews
  • 3Integrate threat intelligence feeds into your AI workflow
  • 4Let Claude assist with penetration testing and security research tasks

How to Install mcp-scan

Before you start

You will need Node.js (v18 or later) installed on your machine — download it from nodejs.org if you haven't already.

  1. 1Open a terminal (Terminal on Mac, Command Prompt or PowerShell on Windows).
  2. 2Paste the install command above and press Enter — Node.js will download and run the server automatically.
  3. 3Add the server to your Claude Desktop config file (see the JSON snippet above) and restart Claude.

The Claude Desktop config snippet above can be copied and pasted directly into your claude_desktop_config.json file — no editing required.

How mcp-scan Compares

It runs entirely on your local machine, so no data leaves your environment — important for teams with privacy or compliance requirements.
It is distributed as an npm package, making version management and updates straightforward with a single `npm update` command.

Tags

securityscannerauditmcp-scanmcp-securityclaude-desktopcursorvscodewindsurfai-security

Reviews

Related MCP Servers

P

Powerdrill

Security

Interact with Powerdrill datasets, authenticated with Powerdrill User ID and Project API Key.

securitycommunityverified
GitHub
D

Descope

Security

An MCP server to integrate with Descope to search audit logs, manage users, and more.

securitycommunityverified
GitHub
E

esp32_nat_router

Security

An AI-enabled NAT Router/Firewall for the ESP32

dhcp-serveresp-idfesp32+7
GitHub
T

tradingview-mcp

Security

Advanced TradingView MCP Server for AI-powered market analysis. Real-time crypto & stock screening, technical indicators, Bollinger Band intelligence, and cand…

claude-desktopcryptocurrencymcp-tools+4
GitHub