**Mcpsec** v1.0.0

Scan MCP server configuration files for security vulnerabilities using mcpsec (OWASP MCP Top 10). Use when: auditing MCP tool configs for prompt injection, hardcoded secrets, missing auth, insecure transport, or excessive permissions. Auto-discovers config files for Claude Desktop, Cursor, VS Code, and custom paths. Reports findings by severity. Read-only — never modifies any config.
# MCPSec

Security scanner for Model Context Protocol (MCP) server configurations. Covers all 10 OWASP MCP Top 10 risk categories via pfrederiksen/mcpsec — an Apache 2.0 open-source Go binary.
## ⚠️ Trust Model & Security Considerations

This skill scans MCP config files that may contain API keys and tokens. Read this before installing.
### Supply chain

The mcpsec binary is an external artifact from GitHub. Mitigate supply chain risk by verifying the SHA256 before running — do not skip this step.
Pinned checksums for v1.0.0:

```text
e367cce46b1a152ccc8aedf2eeca5c6bcf5523b379a00a3f3704d61bf2b4fbca  linux_amd64
98e6ccf883b3a40cea817e19cecd5dc66ae1816bdaf0a58f7fcd8a46576321b0  linux_arm64
5ab2db3cc517f67600ace32f6dfacb15b2ce0b77319797a0431b105466379f3b  darwin_amd64
a9ea3b8d753f0332ddc7720a9778f870f42f523b589d12d8eed5030befa52ee9  darwin_arm64
```
For stronger guarantees, build from source:

```bash
git clone https://github.com/pfrederiksen/mcpsec && cd mcpsec && make build
```
### Sensitive data access

MCP config files may contain API keys and tokens. The scanner reads them to detect hardcoded secrets (MCP04) but does not write, transmit, or log them. The wrapper script (scan.py) makes no network calls. The binary makes no network calls per its source, but this skill cannot enforce the binary's runtime behavior — review the source or run in an isolated environment if you require certainty.
### Network behavior

- Wrapper script: no network calls
- mcpsec binary: no network calls per source; cannot be verified at runtime by this skill

### Isolation

For high-security environments, run in a container or VM, or audit the mcpsec binary source before use.
## Usage

```bash
# Auto-discover and scan all known MCP config locations
python3 scripts/scan.py

# Scan a specific config file
python3 scripts/scan.py ~/Library/Application\ Support/Claude/claude_desktop_config.json

# Only show critical and high findings
python3 scripts/scan.py --severity critical,high

# JSON output (for dashboards/SIEM)
python3 scripts/scan.py --format json

# Quiet mode: only output if findings exist (good for cron)
python3 scripts/scan.py --quiet
```
## Installing mcpsec

```bash
# macOS (Homebrew — tap is maintained by pfrederiksen)
brew install pfrederiksen/tap/mcpsec

# Linux amd64 — verify SHA256 BEFORE extracting
curl -L https://github.com/pfrederiksen/mcpsec/releases/download/v1.0.0/mcpsec_1.0.0_linux_amd64.tar.gz -o mcpsec.tar.gz
# sha256sum -c expects two spaces between the digest and the file name
echo "e367cce46b1a152ccc8aedf2eeca5c6bcf5523b379a00a3f3704d61bf2b4fbca  mcpsec.tar.gz" | sha256sum -c -
# Only proceed if the above prints "mcpsec.tar.gz: OK"
tar -xzf mcpsec.tar.gz && mv mcpsec /usr/local/bin/mcpsec && chmod +x /usr/local/bin/mcpsec

# Build from source (strongest supply chain guarantee)
git clone https://github.com/pfrederiksen/mcpsec && cd mcpsec && make build
sudo mv mcpsec /usr/local/bin/
```
## What It Scans

Auto-discovers configs at these paths:

- `~/Library/Application Support/Claude/claude_desktop_config.json` (Claude Desktop)
- `~/Library/Application Support/Claude/Claude Extensions/` (DXT extensions)
- `~/.cursor/mcp.json` (Cursor)
- `~/.vscode/mcp.json` (VS Code)
- `~/.OpenClaw/workspace/mcp-config.json` (custom)

### OWASP MCP Top 10 Coverage

| ID | Risk | Severity |
|----|------|----------|
| MCP01 | Prompt injection in tool descriptions | High |
| MCP02 | Excessive tool permissions | Critical/High |
| MCP03 | Missing authentication | Critical/High |
| MCP04 | Hardcoded secrets in env vars | Critical |
| MCP05 | Unsafe resource URIs (SSRF) | High |
| MCP06 | Tool definition spoofing | High/Medium |
| MCP07 | Insecure transport (HTTP, weak TLS) | Critical/High |
| MCP08 | Missing input validation schemas | Medium |
| MCP09 | Missing logging/audit config | Medium/High |
| MCP10 | No rate limiting | Medium |

### Security Design (wrapper script)

- `subprocess` used exclusively with `shell=False`
- All file paths validated against an allowlist pattern before use
- All exceptions caught by specific type — no bare `except`
- Full type hints and docstrings throughout
- Read-only — no config files are modified

### System access

- Reads: MCP config JSON files at known paths (or paths you specify)
- Executes: mcpsec scan binary — reads local config files only; no network calls per upstream source, but this cannot be enforced by the wrapper
- No writes, no network calls from the wrapper script
- Sensitive data note: config files may contain API keys or tokens; mcpsec reads them to detect hardcoded secrets but does not transmit them

### Requirements

- Python 3.10+
- mcpsec binary on PATH — see install instructions above