{
  "passport": {
    "unfragile": {
      "@version": "1.0",
      "version": "2026-05",
      "artifact": {
        "id": "npm_npm-pshkvmcp-scanner",
        "slug": "npm-pshkvmcp-scanner",
        "name": "@pshkv/mcp-scanner",
        "type": "mcp",
        "url": "https://www.npmjs.com/package/@pshkv/mcp-scanner",
        "page_url": "https://unfragile.ai/npm-pshkvmcp-scanner",
        "categories": ["mcp-servers", "code-review-security"],
        "tags": ["mcp", "security", "ai-safety", "llm", "policy-gateway", "sint", "owasp", "agent-security"],
        "pricing": {"model": "open_source", "free": true, "starting_price": null},
        "status": "active",
        "verified": false
      },
      "capabilities": [
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_0",
          "uri": "capability://safety.moderation.mcp.server.tool.definition.static.analysis",
          "name": "mcp server tool definition static analysis",
          "description": "Parses and analyzes MCP (Model Context Protocol) server tool definitions to extract schema, parameters, and capabilities without executing the server. Uses AST-like traversal of tool manifests to build a semantic model of available functions, their input/output contracts, and permission requirements for downstream security evaluation.",
          "intents": [
            "I need to audit what tools an MCP server exposes before connecting it to my LLM agent",
            "I want to understand the full capability surface of an MCP server without running it",
            "I need to extract tool schemas from MCP servers for policy enforcement"
          ],
          "best_for": [
            "AI safety teams building policy gateways for agent tool access",
            "DevOps engineers vetting third-party MCP servers before deployment",
            "LLM application builders implementing tool-use guardrails"
          ],
          "limitations": [
            "Analyzes only static tool definitions — cannot detect runtime behavior or side effects not declared in schema",
            "Requires MCP server to be accessible or tool definitions to be provided in advance; no dynamic discovery of undocumented tools",
            "Limited to tools exposed via MCP protocol; cannot analyze tools injected through other mechanisms"
          ],
          "requires": [
            "Node.js 16+",
            "Access to MCP server endpoint or exported tool definition files",
            "@modelcontextprotocol/sdk or compatible MCP server implementation"
          ],
          "input_types": ["MCP server configuration", "Tool definition JSON/YAML", "MCP server endpoint URL"],
          "output_types": ["structured tool inventory", "parameter schema analysis", "risk assessment report"],
          "categories": ["safety-moderation", "tool-use-integration"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        },
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_1",
          "uri": "capability://safety.moderation.risk.classification.and.severity.scoring.for.tool.capabilities",
          "name": "risk classification and severity scoring for tool capabilities",
          "description": "Evaluates extracted tool definitions against a configurable risk taxonomy (likely OWASP-aligned or custom policy rules) to assign severity scores and risk categories. Implements pattern matching on tool names, parameters, and descriptions to detect high-risk operations (file system access, network calls, credential handling) and generates a scored risk report for policy decision-making.",
          "intents": [
            "I need to flag dangerous tools (e.g., shell execution, file deletion) before an agent can use them",
            "I want to assign risk scores to tools so I can enforce graduated access policies",
            "I need to generate a compliance report showing which tools violate our security policies"
          ],
          "best_for": [
            "Enterprise security teams implementing tool-use policies for LLM agents",
            "Compliance officers auditing AI agent capabilities against security standards",
            "Platform teams building multi-tenant agent systems with tool access controls"
          ],
          "limitations": [
            "Risk classification is heuristic-based on tool metadata; cannot detect actual risk from tool implementation details or undocumented side effects",
            "Requires well-formed tool descriptions and parameter documentation to classify accurately; poorly documented tools may be misclassified",
            "Policy rules are static; cannot adapt to novel attack patterns or zero-day tool misuse without manual rule updates"
          ],
          "requires": [
            "Node.js 16+",
            "Extracted tool definitions from MCP server analysis",
            "Risk policy configuration (built-in defaults or custom rules)"
          ],
          "input_types": ["tool definition objects", "tool metadata (name, description, parameters)", "policy rule configuration"],
          "output_types": ["risk score (numeric)", "severity category (critical/high/medium/low)", "risk explanation/justification", "policy violation flags"],
          "categories": ["safety-moderation", "data-processing-analysis"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        },
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_2",
          "uri": "capability://safety.moderation.policy.based.tool.access.gating.and.decision.engine",
          "name": "policy-based tool access gating and decision engine",
          "description": "Implements a policy evaluation engine that takes risk classifications and applies configurable allow/deny/require-approval rules to determine whether an LLM agent should be permitted to call a specific tool. Supports policy composition (e.g., 'block all file system tools', 'require approval for network calls') and integrates with MCP server request interception to enforce decisions at runtime.",
          "intents": [
            "I want to block certain tool categories (e.g., shell execution) from all agents automatically",
            "I need to require human approval before an agent can call high-risk tools",
            "I want to enforce different tool policies for different user roles or agent types"
          ],
          "best_for": [
            "Platform teams building agent-as-a-service systems with multi-tenant tool isolation",
            "Enterprise security teams implementing least-privilege access for agent tool use",
            "AI safety researchers prototyping agent guardrails and policy frameworks"
          ],
          "limitations": [
            "Policy enforcement is at the MCP server layer; cannot prevent tool misuse if agent has direct access to tools outside MCP",
            "Policies are static and evaluated synchronously; no support for dynamic policy updates without server restart",
            "No built-in audit logging or approval workflow integration — requires external systems for compliance tracking"
          ],
          "requires": [
            "Node.js 16+",
            "MCP scanner instance with risk classifications",
            "Policy configuration file or API",
            "MCP server integration point for request interception"
          ],
          "input_types": ["tool risk classifications", "policy rules (JSON/YAML)", "agent/user context", "tool invocation requests"],
          "output_types": ["allow/deny decision", "approval requirement flag", "policy violation reason", "audit log entry"],
          "categories": ["safety-moderation", "automation-workflow"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        },
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_3",
          "uri": "capability://safety.moderation.tool.parameter.validation.and.schema.enforcement",
          "name": "tool parameter validation and schema enforcement",
          "description": "Validates tool invocation parameters against extracted MCP tool schemas to detect parameter injection, type mismatches, and constraint violations before execution. Implements JSON schema validation with custom rules for dangerous parameter patterns (e.g., shell metacharacters in command parameters, file paths outside allowed directories) and generates detailed validation reports.",
          "intents": [
            "I want to prevent prompt injection attacks via tool parameters (e.g., shell commands in string parameters)",
            "I need to enforce type and constraint validation on tool inputs to prevent malformed requests",
            "I want to detect and block attempts to access files outside a sandboxed directory via path traversal in tool parameters"
          ],
          "best_for": [
            "Security teams implementing input validation for agent-driven tool calls",
            "Developers building sandboxed agent environments with strict parameter constraints",
            "Teams protecting against prompt injection and parameter tampering attacks"
          ],
          "limitations": [
            "Validation is schema-based; cannot detect semantic attacks (e.g., a legitimate file path that happens to be sensitive)",
            "Custom validation rules must be manually configured per tool; no automatic detection of dangerous parameter patterns",
            "Performance overhead scales with parameter complexity; deeply nested or large parameter objects may cause latency"
          ],
          "requires": [
            "Node.js 16+",
            "Tool schema definitions from MCP scanner",
            "Parameter validation rules (built-in or custom)",
            "Tool invocation context"
          ],
          "input_types": ["tool schema (JSON schema format)", "parameter values (JSON)", "validation rule configuration"],
          "output_types": ["validation pass/fail", "detailed error messages", "sanitized parameter values", "violation report"],
          "categories": ["safety-moderation", "data-processing-analysis"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        },
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_4",
          "uri": "capability://automation.workflow.audit.logging.and.compliance.reporting.for.tool.access",
          "name": "audit logging and compliance reporting for tool access",
          "description": "Records all tool access decisions (allowed, denied, approved) with context (agent identity, user, timestamp, tool name, parameters, risk classification) to an audit log. Generates compliance reports summarizing tool usage patterns, policy violations, and high-risk tool invocations for security review and regulatory compliance (SOC 2, HIPAA, etc.).",
          "intents": [
            "I need to log all tool access for compliance audits and incident investigation",
            "I want to generate reports showing which agents accessed which tools and when",
            "I need to track policy violations and approval workflows for compliance documentation"
          ],
          "best_for": [
            "Enterprise teams subject to compliance requirements (SOC 2, HIPAA, PCI-DSS)",
            "Security teams conducting incident response and forensic analysis of agent behavior",
            "Compliance officers generating audit reports for regulatory reviews"
          ],
          "limitations": [
            "Audit logs are in-memory or file-based by default; no built-in persistence to external systems (requires integration with SIEM/logging platform)",
            "Log retention and rotation policies must be configured externally; no built-in log lifecycle management",
            "Compliance report generation is template-based; customization requires code changes"
          ],
          "requires": [
            "Node.js 16+",
            "MCP scanner instance with policy enforcement",
            "Logging configuration (file path, format, retention)",
            "Optional: external logging service (e.g., Datadog, Splunk, CloudWatch)"
          ],
          "input_types": ["tool access events", "policy decisions", "agent/user context", "risk classifications"],
          "output_types": ["audit log entries (JSON/CSV)", "compliance reports (PDF/HTML)", "usage analytics", "violation summaries"],
          "categories": ["automation-workflow", "safety-moderation"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        },
        {
          "id": "npm_npm-pshkvmcp-scanner__cap_5",
          "uri": "capability://safety.moderation.configurable.risk.policy.rules.and.custom.rule.authoring",
          "name": "configurable risk policy rules and custom rule authoring",
          "description": "Provides a rule engine for defining custom risk classification and access control policies using a declarative configuration format (likely YAML or JSON DSL). Supports rule composition, conditional logic (e.g., 'block tool X if parameter Y contains Z'), and integration with external policy sources. Enables teams to define organization-specific security policies without code changes.",
          "intents": [
            "I want to define custom risk rules for tools specific to my organization's threat model",
            "I need to enforce different policies for different agent types or user roles",
            "I want to update security policies without redeploying the MCP scanner"
          ],
          "best_for": [
            "Enterprise security teams with custom threat models and compliance requirements",
            "Platform teams managing multiple agent deployments with varying security postures",
            "Organizations needing rapid policy iteration during security incidents"
          ],
          "limitations": [
            "Rule engine is likely synchronous and single-threaded; complex rule sets may add latency to tool access decisions",
            "No built-in version control or rollback for policy changes; requires external systems for policy governance",
            "Rule syntax and capabilities depend on DSL design; may be limited compared to full programming language"
          ],
          "requires": [
            "Node.js 16+",
            "MCP scanner instance",
            "Policy rule configuration file or API",
            "Understanding of rule syntax and semantics"
          ],
          "input_types": ["rule definitions (YAML/JSON)", "tool metadata", "agent/user context", "risk classifications"],
          "output_types": ["policy decision (allow/deny/require-approval)", "rule match explanation", "policy violation report"],
          "categories": ["safety-moderation", "automation-workflow"],
          "confidence": 0.5,
          "matches": 0,
          "success_rate": 0
        }
      ],
      "trust": {
        "score": 31,
        "verified": false,
        "data_access_risk": "high",
        "permissions": [
          "Node.js 16+",
          "Access to MCP server endpoint or exported tool definition files",
          "@modelcontextprotocol/sdk or compatible MCP server implementation",
          "Extracted tool definitions from MCP server analysis",
          "Risk policy configuration (built-in defaults or custom rules)",
          "MCP scanner instance with risk classifications",
          "Policy configuration file or API",
          "MCP server integration point for request interception",
          "Tool schema definitions from MCP scanner",
          "Parameter validation rules (built-in or custom)"
        ],
        "failure_modes": [
          "Analyzes only static tool definitions — cannot detect runtime behavior or side effects not declared in schema",
          "Requires MCP server to be accessible or tool definitions to be provided in advance; no dynamic discovery of undocumented tools",
          "Limited to tools exposed via MCP protocol; cannot analyze tools injected through other mechanisms",
          "Risk classification is heuristic-based on tool metadata; cannot detect actual risk from tool implementation details or undocumented side effects",
          "Requires well-formed tool descriptions and parameter documentation to classify accurately; poorly documented tools may be misclassified",
          "Policy rules are static; cannot adapt to novel attack patterns or zero-day tool misuse without manual rule updates",
          "Policy enforcement is at the MCP server layer; cannot prevent tool misuse if agent has direct access to tools outside MCP",
          "Policies are static and evaluated synchronously; no support for dynamic policy updates without server restart",
          "No built-in audit logging or approval workflow integration — requires external systems for compliance tracking",
          "Validation is schema-based; cannot detect semantic attacks (e.g., a legitimate file path that happens to be sensitive)",
          "builder identity is not verified yet",
          "no observed match outcomes yet"
        ],
        "rank_breakdown": {
          "adoption": 0.05,
          "quality": 0.22,
          "ecosystem": 0.6000000000000001,
          "match_graph": 0.25,
          "freshness": 0.75,
          "weights": {"adoption": 0.25, "quality": 0.25, "ecosystem": 0.15, "match_graph": 0.23, "freshness": 0.12}
        },
        "observed_outcomes": {
          "matches": 0,
          "success_rate": 0,
          "avg_confidence": 0,
          "top_intents": [],
          "last_matched_at": null
        },
        "maintenance": {
          "status": "active",
          "updated_at": "2026-05-24T12:16:24.482Z",
          "last_scraped_at": "2026-05-03T14:23:50.139Z",
          "last_commit": null
        },
        "community": {
          "stars": null,
          "forks": null,
          "weekly_downloads": null,
          "model_downloads": null,
          "model_likes": null
        }
      },
      "distribution": {
        "claim_url": "https://unfragile.ai/submit?claim=npm-pshkvmcp-scanner",
        "compare_url": "https://unfragile.ai/compare?artifact=npm-pshkvmcp-scanner"
      }
    },
    "signature": "k+HEgiDdSe/9Gd//1XXR2XtqSgvQxktImza3opa9t83N1w+58WMgbhlR3VwTvHawy5IzkJx9FqvIkfVu5avXCw==",
    "signedAt": "2026-06-20T01:07:33.568Z",
    "signedBy": "unfragile.ai",
    "version": 1
  },
  "_links": {
    "self": "https://unfragile.ai/api/v1/passport/npm-pshkvmcp-scanner",
    "artifact": "https://unfragile.ai/npm-pshkvmcp-scanner",
    "verify": "https://unfragile.ai/api/v1/verify?slug=npm-pshkvmcp-scanner",
    "publicKey": "https://unfragile.ai/api/v1/trust-passport-public-key",
    "spec": "https://unfragile.ai/trust",
    "schema": "https://unfragile.ai/schema.json",
    "docs": "https://unfragile.ai/docs"
  }
}