mcp-security-scan is an open-source CLI tool that scans MCP servers for hardcoded secrets, unsafe execution, and missing authentication. Below are 31 security & compliance platforms apps with similar functionality to mcp-security-scan, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
mcp-mcts is an open-source CLI tool for local MCP security scanning, attack chain analysis, inventory management, and CI integration. It supports optional Semgrep and LLM analysis, making it suitable for security engineers and DevOps teams focused on codebase security.
mcp-audit-scanner is an open-source CLI tool designed to audit Model Context Protocol (MCP) server configurations for security and privacy vulnerabilities. It assists security engineers in identifying and mitigating risks in AI agent infrastructure.
mcp-check-security is an open-source command-line tool that performs offline security checks on Model Context Protocol (MCP) server configurations. It helps developers and security engineers identify potential vulnerabilities and misconfigurations before deployment. The tool is designed for use in AI infrastructure environments.
Static analysis tool for MCP server Python code — detects security vulnerabilities via AST and taint tracking.
AI-powered security vulnerability scanner for MCP (Model Context Protocol) servers with automatic fixes, secret detection, and multi-channel alerts
dfx-mcp-scanner is an open-source CLI tool for scanning Model Context Protocol (MCP) servers to detect malicious tools, data exfiltration, and supply chain risks. It is designed for security engineers managing AI agent infrastructure.
Security scanner for MCP (Model Context Protocol) servers - pentest your AI agent's tool connections
mcp-audits is an open-source CLI tool that scans, enumerates, and risk-scores permissions on locally configured MCP servers. It is designed for security engineers and AI infrastructure operators to ensure safe and compliant access control in AI systems.
ShieldMCP is a web-based security scanner that analyzes Model Context Protocol (MCP) configuration files for vulnerabilities, including permission risks, exposed secrets, and supply chain threats. It provides instant feedback and actionable fixes, helping MCP administrators secure their deployments efficiently.
mcp-strike is an open-source command-line tool designed for active, runtime adversarial testing of Model Context Protocol (MCP) servers. It helps security engineers and red teams identify vulnerabilities and weaknesses by simulating attacks and scanning for issues. The tool supports automated security assessments and is freely available under the MIT license.
mcpsnare is an open-source CLI tool that actively scans Model Context Protocol (MCP) servers for vulnerabilities using confirmation-driven techniques. It is designed for security professionals to automate security assessments and penetration testing of MCP endpoints.
guardmcp is an open-source CLI tool that scans MCP server configurations for security issues, including secrets, injection vulnerabilities, and authentication problems. It maps findings to the OWASP MCP Top 10, helping security engineers and DevOps teams secure their deployments.
mcp-surfaceprint is an open-source CLI tool that allows users to inspect what an MCP server exposes before connecting to it. It helps security engineers and AI infrastructure teams audit and verify server configurations for safe integration with agent systems.
ai-agentic-mcpscan is an open-source command-line tool that provides local-first, offline-by-default security posture scanning for Model Context Protocol (MCP) and local-agent environments. It is intended for security engineers and teams managing agent-based infrastructures.
mcp-bandit is an open-source command-line tool for scanning Model Context Protocol (MCP) servers for security vulnerabilities, including prompt injection and SSRF. It is designed for security engineers to audit and analyze MCP deployments.
hexis-mcp-guard is an open-source command-line tool that scans Model Context Protocol (MCP) servers for security vulnerabilities. It checks for issues such as misconfigurations and exposed secrets, helping administrators secure their MCP deployments. Designed for security engineers and server admins.
mcp-checkup is an open-source CLI utility that audits MCP server setups, measuring context tax and hygiene. It helps AI infrastructure engineers and developers ensure their Model Context Protocol servers are efficient and healthy by providing detailed health checks and token analysis.
Security scanner for MCP servers — detect prompt injection, credential leaks, exposed endpoints, and tool poisoning
mcpscore is an open-source CLI tool that analyzes MCP servers for compliance, quality, and protocol validation. It generates comprehensive reports to help developers and administrators ensure their Model Context Protocol servers meet required standards.
mcpfuzz is an open-source command-line tool for dynamically scanning Model Context Protocol (MCP) servers. It actively probes live servers with exploit payloads to identify vulnerabilities, supporting security researchers and penetration testers in automating MCP server assessments.
mcp-risk-linter is an open-source CLI tool that analyzes MCP server tools for readiness and security risks, including authentication, filesystem, shell, and network vulnerabilities. It helps developers and DevOps teams ensure safer deployments.
orisan-mcpscan is an open-source CLI tool for scanning Model Context Protocol (MCP) servers for security vulnerabilities. It operates locally, providing fast and private assessments for developers and security professionals.
mcp-secrets-guard is an open-source CLI tool that scans projects for AI and MCP-related secrets to prevent leaks. It is designed for developers and security teams to audit codebases before deployment.
Reconnaissance and known-issue scanner for Model Context Protocol (MCP) servers
MCPShield Agent is an open-source CLI tool that uses AI to scan and secure MCP servers. It automates vulnerability detection and integrates with agent-based security workflows, helping administrators maintain secure server environments.
mcp-fence is an open-source CLI tool for security scanning, protocol inspection, dynamic fuzzing, and sandboxed testing of Model Context Protocol (MCP) servers. It helps AI infrastructure engineers identify vulnerabilities and generate security reports.
MCPSafe is a web-based security scanner for Model Context Protocol servers. It performs pre-install audits using static analysis and multi-LLM consensus to detect vulnerabilities, typosquatting, and permission issues. Designed for developers and registry operators to ensure safe MCP deployments.
Linter for MCP (Model Context Protocol) config files used by Claude Desktop, Cursor, Cline, Windsurf, and Zed. CLI + library API.
mcpvet is an open-source CLI tool that combines testing, linting, and contract validation for MCP servers. It integrates with pytest and ESLint, streamlining the development and quality assurance process for developers working with the Model Context Protocol.
agentsec-cli is an open-source CLI tool that performs static security analysis on AI coding agents and Model Context Protocol (MCP) configurations. It helps developers and security teams identify vulnerabilities and misconfigurations in agent-based AI systems before deployment.
mcp-toolguard is an open-source CLI tool for contract testing, drift detection, and security checks on MCP servers. It integrates with CI pipelines and production environments to help DevOps engineers maintain server integrity.