PulseGatePost-LLM software, agents & workflows market (since 2022)
Coverage
167,794

Apps indexed

 

Freshness
21 min ago

Last update

 

Cadence
1,470/day

7-day average

Indexed today: 715

PulseGate

Market catalog for public software products, models, infra, and workflow tools.

Software is shipping faster than ever, and a growing share of it lives outside the official app stores. PulseGate is a free public catalog — built for builders, analysts, and everyday users.

Platform

  • All Apps
  • Categories
  • Industry Updates
  • Data Sources
  • Coverage Rules
  • Glossary
  • Embed Widget

Support

  • Help Center
  • Submit a Project
  • Report an Issue

Company

  • About
  • Press & Data
  • Contact
  • Platform Status

Legal

  • Privacy
  • Terms
  • Disclaimer

© 2026 PulseGate. Operated by Dymaxio s.r.o., Prague, Czech Republic.·

All systems operational
  1. Home/
  2. ai-agentic-mcpscan/
  3. Alternatives

ai-agentic-mcpscan Alternatives

ai-agentic-mcpscan is an open-source command-line tool that provides local-first, offline-by-default security posture scanning for Model Context Protocol (MCP) and local-agent environments. Below are 28 security & compliance platforms apps with similar functionality to ai-agentic-mcpscan, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.

  • agentsec-cli
    pypi.org

    agentsec-cli is an open-source CLI tool that performs static security analysis on AI coding agents and Model Context Protocol (MCP) configurations. It helps developers and security teams identify vulnerabilities and misconfigurations in agent-based AI systems before deployment.

  • mcp-mcts
    pypi.org

    mcp-mcts is an open-source CLI tool for local MCP security scanning, attack chain analysis, inventory management, and CI integration. It supports optional Semgrep and LLM analysis, making it suitable for security engineers and DevOps teams focused on codebase security.

  • mcp-security-scan
    pypi.org

    mcp-security-scan is an open-source CLI tool that scans MCP servers for hardcoded secrets, unsafe execution, and missing authentication. It helps developers and security engineers identify and remediate vulnerabilities in their MCP infrastructure.

  • agentscanner
    pypi.org

    agentscanner is an open-source CLI tool that performs static security analysis on agentic AI configuration files, including settings, permissions, hooks, and MCP servers. It helps developers and security teams identify vulnerabilities in AI agent stacks before deployment.

  • agent-audit-kit
    github.com

    agent-audit-kit is an open-source CLI tool that scans MCP-connected AI agent pipelines for security vulnerabilities. It helps AI security engineers ensure the safety and compliance of agent-based workflows.

  • agentaudit-scanner
    pypi.org

    agentaudit-scanner is an open-source CLI tool that scans AI agent skills, rule files, and MCP configurations for security risks like prompt injections and hidden instructions. It is designed for AI security engineers and developers to ensure safe agent deployments.

  • mcpsec
    github.com

    Security scanner for MCP (Model Context Protocol) servers - pentest your AI agent's tool connections

  • mcpscope-cli
    pypi.org

    mcpscope-cli is an open-source command-line tool that acts as a local-first MCP proxy for AI agent tool calls. It records and provides observability into what AI agents actually do, helping developers debug and analyze agent behavior. Suitable for AI developers and researchers working with Model Context Protocol.

  • mcp-audit-scanner
    github.com

    mcp-audit-scanner is an open-source CLI tool designed to audit Model Context Protocol (MCP) server configurations for security and privacy vulnerabilities. It assists security engineers in identifying and mitigating risks in AI agent infrastructure.

  • mcp-tool-auditor
    pypi.org

    mcp-tool-auditor is an open-source command-line tool designed for security researchers to scan and pentest MCP servers. It provides both defensive scanning and offensive pentesting capabilities, mapping to the OWASP MCP Top 10. The tool helps identify and mitigate security vulnerabilities in AI and LLM-related infrastructures.

  • agentsentinel-cli
    pypi.org

    agentsentinel-cli is an open-source command-line tool that provides security scanning, static analysis, supply chain auditing, and multi-agent trust analysis for AI agents and MCP servers. It helps developers and security engineers identify vulnerabilities and ensure compliance with security best practices in agentic systems.

  • MCPShield Agent
    pypi.org

    MCPShield Agent is a Python-based security platform designed to discover, monitor, and assess the risk of MCP servers within an organization. It addresses the challenge of shadow AI infrastructure, where unauthorized or unmonitored MCP servers may expose sensitive data through misconfigured access to databases, file systems, and APIs. The tool is intended for security teams and organizations seeking to gain visibility into MCP server deployments and reduce the risk of credential exposure, compliance violations, and data breaches arising from AI assistants like Claude and ChatGPT accessing critical systems. The platform operates by deploying a lightweight agent on endpoints, which scans for MCP configurations across environments such as Claude Desktop, Cursor, VS Code, and custom setups. It supports Windows, macOS, and Linux, and can be installed via PyPI using a pip command. The agent automatically discovers all MCP servers on a machine, analyzes their configurations, and calculates a risk score from 0 to 100 for each server based on factors like database access patterns, sensitive environment variables, file system permissions, and the presence of plaintext credentials or API tokens. Risk findings are categorized by severity (Critical, High, Medium, Low) and are surfaced immediately in a web-based dashboard, providing detailed breakdowns of each risk factor and enabling teams to prioritize remediation efforts. MCPShield Agent offers on-demand scanning, allowing users to generate a complete inventory of MCP servers at any time, with results uploaded to the dashboard. The platform also features live activity timelines, instant alerts for high-risk configurations, and the ability to embed dynamic risk score badges in internal documentation. Scheduled scanning, change tracking, Slack and webhook integrations, and a badge embed API are noted as upcoming features. For developers, MCPShield integrates into CI pipelines, automatically risk-scoring pull requests that modify MCP configurations, with a GitHub Action available for streamlined workflow integration. The tool provides a free tier and is open source under the MIT license, emphasizing privacy by never capturing credential values. No signup is required for certain scanning features, and the agent can be used without an API key in CI environments. MCPShield Agent positions itself as a privacy-first, compliance-aware solution for organizations seeking complete visibility over their AI-connected infrastructure.

  • mcpsnare
    pypi.org

    mcpsnare is an open-source CLI tool that actively scans Model Context Protocol (MCP) servers for vulnerabilities using confirmation-driven techniques. It is designed for security professionals to automate security assessments and penetration testing of MCP endpoints.

  • agenticmeter-cli
    pypi.org

    agenticmeter-cli is an open-source command-line tool that provides local-first observability for AI agent workflows. It helps developers and researchers understand, trace, and debug the behavior of LLM-based agents by offering detailed insights into their actions and decisions. The tool integrates with popular AI frameworks and supports local analysis.

  • mcp-audits
    pypi.org

    mcp-audits is an open-source CLI tool that scans, enumerates, and risk-scores permissions on locally configured MCP servers. It is designed for security engineers and AI infrastructure operators to ensure safe and compliant access control in AI systems.

  • orisan-mcpscan
    pypi.org

    orisan-mcpscan is an open-source CLI tool for scanning Model Context Protocol (MCP) servers for security vulnerabilities. It operates locally, providing fast and private assessments for developers and security professionals.

  • scopesafe-aibom
    pypi.org

    scopesafe-aibom is an open-source CLI tool that scans codebases to discover and risk-assess AI agents, models, and MCP servers. It helps developers and security engineers ensure compliance and security in AI-powered applications by generating AI Bill of Materials (AI-BOM) reports.

  • mcpgawk
    pypi.org

    mcpgawk is a local-first command-line tool designed to measure the cost and capabilities of any MCP (Model Context Protocol) server without uploading data or sending inventory information off the user's machine. Its primary function is to analyze how many tokens are consumed when an MCP server loads tools into an AI's context and to assess the declared capabilities of each tool. By providing detailed breakdowns of token usage and flagging tools with potentially sensitive capabilities, such as write or exfiltration permissions, mcpgawk helps users understand both the direct resource cost and the security profile of their MCP server configurations. The tool can be integrated into various workflows, offering three main modes of operation: as a terminal CLI after installation via pip, as an extension within editors like VS Code or Cursor, and as a GitHub Action for continuous integration environments. Regardless of how it is run, mcpgawk operates entirely locally, ensuring that no server inventory or measurement data leaves the user's machine. It supports analysis of MCP servers across multiple connection protocols, including stdio, HTTP, SSE, and OAuth. mcpgawk provides token counts using a named index (cl100k), offering a reproducible and comparable measure of cost, though it notes that these counts are not identical to specific vendor billing metrics. The tool highlights the impact of large tool inventories on both context window consumption and AI model accuracy, referencing studies that show improved performance when unnecessary tools are trimmed from the server's context. Users publishing MCP servers are encouraged to use mcpgawk to identify cost drivers and missing annotations, with many fixes requiring minimal changes. 0 license. dev family. mcpgawk also provides access to a full benchmark report of measured servers and per-tool breakdowns, available at no cost.

  • mcp-config-audit
    pypi.org

    mcp-config-audit is an open-source command-line tool that scans Model Context Protocol (MCP) configuration files for security issues. It operates locally, requiring no account or network connection, and outputs results in SARIF format. Designed for developers and security engineers who need to audit MCP configs securely and efficiently.

  • mcpscore
    pypi.org

    mcpscore is an open-source CLI tool that analyzes MCP servers for compliance, quality, and protocol validation. It generates comprehensive reports to help developers and administrators ensure their Model Context Protocol servers meet required standards.

  • agentic-metric-x
    pypi.org

    agentic-metric-x is an open-source CLI tool for monitoring AI coding agents, providing local and SSH remote tracking of token usage and associated costs. It is designed for developers who use AI coding agents like Claude Code and Codex, helping them optimize and analyze resource consumption.

  • agentsploit
    github.com

    agentsploit is an open-source CLI framework designed for offensive security testing of AI agents and Model Context Protocol (MCP) servers. It provides tools for prompt injection, red teaming, and agent security research, supporting security professionals and developers.

  • agentproof-scan
    pypi.org

    agentproof-scan is an open-source CLI security scanner designed to probe AI-agent HTTP endpoints for secret and prompt leakage. It integrates with CI pipelines using exit codes to automate security checks, helping developers and security engineers ensure their AI agents are not exposing sensitive information.

  • mcp-agent-tester
    github.com

    mcp-agent-tester is an open-source tool for inspecting, testing, and running MCP servers and agents. It provides both a web UI and CLI, supports JSON trace export, and is designed for developers working with Model Context Protocol agents and infrastructure.

  • asmhunter-mcp
    pypi.org

    ASMHunter is a continuous attack surface monitoring (ASM) platform designed specifically for bug bounty hunters and security professionals. The tool addresses the challenges of tracking internet-facing assets within bug bounty scopes, such as subdomains, ports, endpoints, and HTTP services, by providing real-time monitoring and attribution for every change detected. Unlike traditional ASM tools that simply report asset changes, ASMHunter links each finding to the specific scan, asset, and timestamp that surfaced it, enabling users to trace bounties directly back to the monitoring event that earned them. The platform offers a chronological diff feed that highlights new subdomains, ports, HTTP fingerprints, URLs, and findings as they appear. Scheduled sweeps run automatically without requiring users to maintain their own infrastructure, cron jobs, or deduplication scripts. ASMHunter is scope-aware, ensuring all monitoring stays within authorized bug bounty programs. Users can receive alerts via Telegram and email, and findings are enriched with metadata for scan attribution. The tool also provides a public API, allowing integration with custom scripts, Caido, or AI agents, making it adaptable to various workflows. ASMHunter features a native Model Context Protocol (MCP) server, enabling users to drive reconnaissance, hunt sessions, and reporting directly from AI clients such as Claude or Cursor. This integration allows for natural language interaction, letting users start sessions, set goals, log findings, and draft reports without leaving their editor or chat environment. The platform supports goal-driven hunting, keeping AI agents focused on specific objectives throughout a session. Pricing is structured for individual hunters and teams, with a free tier offering weekly sweeps for up to three targets. Paid plans include Hunter, Pro, and Legend, which scale in sweep frequency and target count, and add features such as deeper discovery modules for XSS, SQLi, and JS secret extraction. Team and enterprise options are available for organizations needing shared dashboards, SSO, or custom workflows. ASMHunter is delivered as a managed service and does not require self-hosting or manual infrastructure maintenance.

  • MCPSafe
    mcpsafe.io

    MCPSafe is a security scanner designed specifically for Model Context Protocol (MCP) servers, offering pre-install audits to identify vulnerabilities and threats before deployment. The platform is aimed at developers who need to vet MCP servers prior to installation, as well as registry operators responsible for publishing secure catalogs. It provides both fast and deep scans, delivering a quick verdict in approximately three minutes and a more thorough consensus-based analysis in about twenty minutes. The tool combines static analysis with evaluations from five independent large language models (LLMs) to detect a wide range of issues. Its static analysis capabilities identify code-level vulnerabilities such as command injection, SQL injection, server-side request forgery (SSRF), path traversal, and hardcoded secrets. The LLM consensus approach uncovers more complex threats including tool poisoning, silent rug pulls, indirect prompt injection, and obfuscated intent that may evade traditional pattern matching. MCPSafe also performs typosquatting checks to flag lookalike package names, unverified publishers, and unpinned dependencies, helping to prevent supply chain attacks. A permission audit feature evaluates each tool’s real-world access, highlighting excessive permissions, weak authentication, and unintended network exposure. MCPSafe supports scanning a variety of sources, including GitHub repositories, npm and PyPI packages, Docker images, and MCP registry IDs. Users can specify a particular version for targeted analysis. The platform provides actionable score reports using the AIVSS (AI Vulnerability Scoring System), which extends traditional vulnerability scoring with factors relevant to agentic threats, and maps findings to CWE standards. Each scan generates a live SVG badge that can be embedded in documentation to display the current security grade. Results are kept up-to-date by fingerprinting the commit or version on every request, with rescans triggered automatically for new commits. The service is delivered as a web-based platform and is free to use, requiring no signup or credit card for public package scans. Signed-in users benefit from higher rate limits and access to scan history. MCPSafe is developed and operated from Germany.

  • codebase-agent-mcp
    pypi.org

    codebase-agent-mcp is an autonomous agent designed to provide token-efficient code analysis, documentation retrieval, and implementation guidance for large library repositories. It leverages OpenAI-compatible LLMs and supports integration via MCP and API, making it suitable for developers working with extensive codebases.

  • MCPfinder
    mcpfinder.dev

    MCPfinder is an open-source tool that helps AI agents discover and configure Model Context Protocol (MCP) servers. It inspects trust signals, manages environment variables, and generates install-ready configurations, streamlining integration for developers building AI agents that interact with external tools and data sources.