mcp-scan
v2.0.2
Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt injection, supply-chain risks, and 17+ security checks.
mcp-scan
Open-source security scanner for Model Context Protocol (MCP) servers.
MCP servers run with full access to your filesystem, API keys, and network. mcp-scan audits every MCP server configuration on your system, detecting leaked secrets, prompt injection risks, supply-chain vulnerabilities, and data flow issues before they become incidents.
```bash
npx mcp-scan@latest
```
No installation. No sign-up. No telemetry. No data leaves your machine. Supply-chain scanning makes registry lookups (disable with --offline).
Why mcp-scan?
MCP servers are the new attack surface for AI-powered development. They run silently alongside your AI tools with shell access, filesystem permissions, and network egress. A single malicious or misconfigured server can exfiltrate API keys, inject instructions into your AI sessions, or become a supply-chain entry point.
mcp-scan was built after analyzing hundreds of publicly available MCP server configs and finding patterns that existing security tools miss: credential relay, prompt injection via tool descriptions, typosquatting near popular packages, and data sent to unexpected endpoints.
What It Detects
| Check | Severity | Description |
|-------|----------|-------------|
| Data Exfiltration | CRITICAL | Tool reads filesystem/DB/clipboard and sends data to a network endpoint |
| Credential Relay | CRITICAL | Environment variables or secrets passed to external APIs or processes |
| Known Malicious Package | CRITICAL | Config references packages on the known-bad list |
| Exposed Secret | CRITICAL | Hardcoded API keys, tokens, or passwords in config |
| Prompt Injection | HIGH | Instructions embedded in tool names or descriptions |
| Obfuscated Network | HIGH | Server uses base64, hex, or reversed URLs to hide endpoints |
| Data-in-URL Exfil | HIGH | Potential exfiltration via long strings in URL query parameters |
| Typosquatting | HIGH | Package name closely resembles a trusted popular package |
| Supply Chain Risk | HIGH | Low-trust package with no history, stars, or maintainers |
| PII Exposure | HIGH | Server handles sensitive personal data without proper controls |
| Outdated Package | MEDIUM | Package has known vulnerabilities in the installed version |
| Overly Broad Permissions | MEDIUM | Server requests filesystem or shell access it does not need |
| Telemetry Tracking | MEDIUM | Server contacts known analytics or tracking domains |
| Privacy Gaps | MEDIUM | Missing data retention, deletion, or encryption-at-rest policies |
| Unverified Source | LOW | Package not from a verified registry or organization |
| Data Minimization | LOW | Tool requests significantly more data fields than necessary |
| Missing Transport | LOW | MCP server communicates over unencrypted transport |
Supported AI Tools
mcp-scan automatically detects configurations for 16+ AI tool clients:
| Category | Tools |
|----------|-------|
| AI Assistants | Claude Desktop, Claude Code, Gemini CLI, Codex CLI |
| Editors | VS Code, Cursor, Windsurf, Zed |
| AI Coding Tools | Cline, Roo Code, Continue, Amp, Plandex |
| Other | ChatGPT Desktop, GitHub Copilot |
v2.0 Features
- Data Flow Analysis: Trace where your data goes after MCP processes it
- Network Egress Monitor: See every endpoint your servers contact
- Privacy Assessment: One-command PII and compliance report
- Policy Engine: Custom security rules in .mcp-scan-policy.yml
- Compliance Mapping: SOC 2, GDPR, HIPAA, PCI-DSS, NIST 800-53
- SBOM Generation: CycloneDX and SPDX output
- CI/CD Integration: Scan on every PR with SARIF output for GitHub, GitLab, and most security tools
- 17+ Scanners: Secrets, supply chain, prompt injection, data flow, and more
All Commands
```bash
# Full security scan (auto-detects all AI tool configs)
npx mcp-scan@latest

# Output as JSON for CI/CD pipelines
npx mcp-scan@latest --json

# Privacy impact assessment and data map
npx mcp-scan@latest privacy

# Compliance report (SOC 2, GDPR, HIPAA, PCI-DSS, NIST 800-53)
npx mcp-scan@latest compliance

# Software Bill of Materials (CycloneDX or SPDX)
npx mcp-scan@latest sbom

# Validate custom security policies
npx mcp-scan@latest policy

# CI mode: exit 1 on CRITICAL or HIGH findings
npx mcp-scan@latest --ci --severity high
```
CI/CD Integration
Add mcp-scan to any CI pipeline via npx. It emits SARIF 2.1.0, which GitHub, GitLab, and most security tools pick up:
```yaml
# GitHub Actions example
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-node@v4
    with:
      node-version: 20
  - run: npx mcp-scan@latest --sarif mcp-scan.sarif --severity medium
  - uses: github/codeql-action/upload-sarif@v3
    with:
      sarif_file: mcp-scan.sarif
```
GitLab CI, CircleCI, or any runner works. npx mcp-scan is the portable entrypoint.
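To make the detection table and the CI gate above concrete, here is an added illustration in plain Node.js. It is not mcp-scan's own code: it implements config-level heuristics for three of the listed checks (Exposed Secret, Obfuscated Network, Typosquatting) over a constructed Claude-Desktop-style `mcpServers` config, derives an exit code the way `--ci --severity high` is described, and emits a minimal SARIF 2.1.0 log of the kind the upload step consumes. The trusted package list, the key-prefix regexes, the distance threshold and the sample config are all assumptions made for the example.

```javascript
// Added illustration, not mcp-scan's own code. Package names, key formats and
// the sample config below are constructed for the example.
const TRUSTED_PACKAGES = [
  '@modelcontextprotocol/server-filesystem',
  '@modelcontextprotocol/server-github',
];

// Key prefixes commonly seen in leaked credentials (illustrative patterns only).
const SECRET_PATTERNS = [
  /\bsk-[A-Za-z0-9]{20,}\b/,  // "sk-" style API key
  /\bghp_[A-Za-z0-9]{30,}\b/, // GitHub personal access token
  /\bAKIA[0-9A-Z]{16}\b/,     // AWS access key id
];

const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };

// Constructed config: one clean server plus one example of each finding.
const SAMPLE_CONFIG = {
  mcpServers: {
    filesystem: { command: 'npx', args: ['-y', '@modelcontextprotocol/server-filesystem', '/home/user'] },
    github: {
      command: 'npx',
      args: ['-y', '@modelcontextprotocol/server-github'],
      env: { GITHUB_PERSONAL_ACCESS_TOKEN: 'ghp_' + 'x'.repeat(36) }, // hardcoded token (fake)
    },
    lookalike: { command: 'npx', args: ['-y', '@modelcontextprotocol/server-fileystem'] }, // one letter off
    reporter: {
      command: 'node',
      args: ['report.js', Buffer.from('https://collector.example.invalid/ingest').toString('base64')],
    },
  },
};

// Edit distance, used to spot names a keystroke or two away from a trusted package.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Walk every server and return a list of { server, check, severity, detail }.
function scanConfig(config) {
  const out = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    const strings = [...Object.values(server.env || {}), ...(server.args || [])];
    for (const s of strings) {
      // Exposed Secret: a credential literal in env or args.
      if (SECRET_PATTERNS.some((p) => p.test(s))) {
        out.push({ server: name, check: 'Exposed Secret', severity: 'CRITICAL', detail: `${s.slice(0, 6)}... in config` });
      }
      // Obfuscated Network: a base64 blob that decodes to a URL.
      if (/^[A-Za-z0-9+/]{16,}={0,2}$/.test(s)) {
        const decoded = Buffer.from(s, 'base64').toString('utf8');
        if (/^https?:\/\//.test(decoded)) {
          out.push({ server: name, check: 'Obfuscated Network', severity: 'HIGH', detail: `base64-encoded endpoint ${decoded}` });
        }
      }
    }
    // Typosquatting: an npx package close to, but not equal to, a trusted name.
    const pkg = server.command === 'npx' ? (server.args || []).find((a) => !a.startsWith('-')) : undefined;
    if (pkg && !TRUSTED_PACKAGES.includes(pkg)) {
      const near = TRUSTED_PACKAGES.find((t) => levenshtein(t, pkg) <= 2);
      if (near) out.push({ server: name, check: 'Typosquatting', severity: 'HIGH', detail: `${pkg} resembles ${near}` });
    }
  }
  return out;
}

// CI gate: 1 when any finding is at or above the threshold, mirroring `--ci --severity high`.
function ciExitCode(findings, threshold = 'HIGH') {
  return findings.some((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]) ? 1 : 0;
}

// Minimal SARIF 2.1.0 log: CRITICAL/HIGH -> "error", MEDIUM -> "warning", LOW -> "note".
function toSarif(findings) {
  const level = (s) => (SEVERITY_RANK[s] >= 3 ? 'error' : s === 'MEDIUM' ? 'warning' : 'note');
  return {
    $schema: 'https://json.schemastore.org/sarif-2.1.0.json',
    version: '2.1.0',
    runs: [{
      tool: { driver: { name: 'mcp-scan-example', rules: [...new Set(findings.map((f) => f.check))].map((id) => ({ id })) } },
      results: findings.map((f) => ({ ruleId: f.check, level: level(f.severity), message: { text: `${f.server}: ${f.detail}` } })),
    }],
  };
}

console.log(JSON.stringify(scanConfig(SAMPLE_CONFIG), null, 2));
```

Running the file prints three findings (the hardcoded token, the base64-wrapped endpoint and the lookalike package); `ciExitCode` on them returns 1, so a pipeline using this logic would fail the build, and `toSarif` wraps the same findings in the result shape that `upload-sarif` expects.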
Custom Security Policies
Define your own rules in .mcp-scan-policy.yml:
```yaml
rules:
  - name: no-external-endpoints
    description: Block servers contacting endpoints outside your org domain
    match:
      network_egress:
        not_in_domain: "*.mycompany.com"
    severity: HIGH
  - name: require-approved-packages
    description: Only allow packages from your approved list
    match:
      package:
        not_in_allowlist: true
    severity: CRITICAL
```
Compliance Mapping
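The following added example shows how rules of the shape above can be evaluated against what a scan observed about each server. It is an illustration written for this page, not mcp-scan's policy engine: the policy is given as a JavaScript object with the same keys as the YAML (to avoid a YAML dependency), the per-server observations and the allowlist are constructed, and the semantics assigned to `not_in_domain` (a `*.` prefix matches any subdomain, not the apex) and `not_in_allowlist` are assumptions.

```javascript
// Added illustration, not mcp-scan's own policy engine. Same structure as
// .mcp-scan-policy.yml above, expressed as an object literal.
const POLICY = {
  rules: [
    {
      name: 'no-external-endpoints',
      description: 'Block servers contacting endpoints outside your org domain',
      match: { network_egress: { not_in_domain: '*.mycompany.com' } },
      severity: 'HIGH',
    },
    {
      name: 'require-approved-packages',
      description: 'Only allow packages from your approved list',
      match: { package: { not_in_allowlist: true } },
      severity: 'CRITICAL',
    },
  ],
};

// Constructed allowlist and per-server observations (package + observed egress URLs).
const ALLOWLIST = new Set(['@modelcontextprotocol/server-filesystem']);
const OBSERVATIONS = [
  { server: 'filesystem', package: '@modelcontextprotocol/server-filesystem', egress: [] },
  { server: 'internal-api', package: 'internal-mcp-bridge', egress: ['https://api.mycompany.com/v1/tools'] },
  {
    server: 'weather',
    package: 'weather-mcp',
    egress: ['https://api.weather.example.invalid/today', 'https://api.mycompany.com/cache'],
  },
];

// Domain pattern match: "*.example.com" matches hosts ending in ".example.com"
// (assumed semantics; the apex itself is deliberately not matched), otherwise exact host.
function hostMatches(pattern, url) {
  const host = new URL(url).hostname;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

// One matcher per supported `match:` key. Each returns a detail string on violation, else null.
const MATCHERS = {
  network_egress: (cond, obs) => {
    if (!cond.not_in_domain) return null;
    const outside = obs.egress.filter((u) => !hostMatches(cond.not_in_domain, u));
    return outside.length ? `contacts ${outside.join(', ')}` : null;
  },
  package: (cond, obs, ctx) =>
    cond.not_in_allowlist && !ctx.allowlist.has(obs.package) ? `${obs.package} is not on the allowlist` : null,
};

// Apply every rule to every observed server; unknown match keys fail loudly rather than silently pass.
function evaluatePolicy(policy, observations, ctx) {
  const violations = [];
  for (const rule of policy.rules) {
    for (const obs of observations) {
      for (const [key, cond] of Object.entries(rule.match)) {
        const matcher = MATCHERS[key];
        if (!matcher) throw new Error(`unknown match key in rule ${rule.name}: ${key}`);
        const detail = matcher(cond, obs, ctx);
        if (detail) violations.push({ rule: rule.name, severity: rule.severity, server: obs.server, detail });
      }
    }
  }
  return violations;
}

console.log(JSON.stringify(evaluatePolicy(POLICY, OBSERVATIONS, { allowlist: ALLOWLIST }), null, 2));
```

With the constructed observations, `weather` trips the egress rule (HIGH) and both `internal-api` and `weather` trip the allowlist rule (CRITICAL); `filesystem` is clean. Failing on unknown `match:` keys is the important design choice: a policy typo should surface as an error, not as a rule that never fires.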
| Framework | Controls Covered |
|-----------|------------------|
| SOC 2 | CC6.1, CC6.6, CC6.7, CC7.1 |
| GDPR | Art. 25, Art. 32, Art. 33 |
| HIPAA | 164.312(a)(1), 164.312(e)(1) |
| PCI-DSS | Req. 6, Req. 10, Req. 11 |
| NIST 800-53 | CA-7, RA-5, SA-11, SI-2 |
Privacy & Security Architecture
mcp-scan runs locally on your machine. Config parsing, regex scanning, and all heuristics happen in-process. The only network calls are optional supply-chain registry lookups (npm), which can be disabled with --offline.
- Local config parsing and analysis only
- No API keys required
- No telemetry, no account, no sign-up
- Optional npm registry lookup for supply-chain scanning, off with --offline
- Fully open source. Audit the code yourself.
Roadmap
- v2.1: Runtime Monitoring
- v2.2: Sandboxed Execution
- v2.3: Real-Time Alerting
Installation
Use without installing (always latest version):
```bash
npx mcp-scan@latest
```
Install globally:
```bash
npm install -g mcp-scan
mcp-scan
```
Contributing
Issues and PRs welcome. See CONTRIBUTING.md for guidelines.
For security disclosures: see SECURITY.md.
License
MIT. Built by Abanoub Rodolf Boctor · ThynkQ
