What can @pshkv/mcp-scanner do?

mcp server tool definition static analysis, risk classification and severity scoring for tool capabilities, policy-based tool access gating and decision engine, tool parameter validation and schema enforcement, audit logging and compliance reporting for tool access, configurable risk policy rules and custom rule authoring

@pshkv/mcp-scanner

MCP ServerFree

SINT MCP Security Scanner — analyze MCP server tool definitions for risk

Open Source

/ 100

6 capabilities

Capabilities6 decomposed

mcp server tool definition static analysis

Medium confidence

Parses and analyzes MCP (Model Context Protocol) server tool definitions to extract schema, parameters, and capabilities without executing the server. Uses AST-like traversal of tool manifests to build a semantic model of available functions, their input/output contracts, and permission requirements for downstream security evaluation.

Solves for

I need to audit what tools an MCP server exposes before connecting it to my LLM agentI want to understand the full capability surface of an MCP server without running itI need to extract tool schemas from MCP servers for policy enforcement

Best for

AI safety teams building policy gateways for agent tool access

DevOps engineers vetting third-party MCP servers before deployment

LLM application builders implementing tool-use guardrails

Requires

Node.js 16+

Access to MCP server endpoint or exported tool definition files

@modelcontextprotocol/sdk or compatible MCP server implementation

Limitations

Analyzes only static tool definitions — cannot detect runtime behavior or side effects not declared in schema

Requires MCP server to be accessible or tool definitions to be provided in advance; no dynamic discovery of undocumented tools

Limited to tools exposed via MCP protocol; cannot analyze tools injected through other mechanisms

What makes it unique

Purpose-built for MCP protocol semantics rather than generic API scanning; understands MCP-specific tool metadata patterns and integrates with MCP server lifecycle

vs alternatives

Specialized for MCP servers vs. generic API security scanners that lack MCP protocol awareness and context-specific risk patterns

risk classification and severity scoring for tool capabilities

Medium confidence

Evaluates extracted tool definitions against a configurable risk taxonomy (likely OWASP-aligned or custom policy rules) to assign severity scores and risk categories. Implements pattern matching on tool names, parameters, and descriptions to detect high-risk operations (file system access, network calls, credential handling) and generates a scored risk report for policy decision-making.

Solves for

I need to flag dangerous tools (e.g., shell execution, file deletion) before an agent can use themI want to assign risk scores to tools so I can enforce graduated access policiesI need to generate a compliance report showing which tools violate our security policies

Best for

Enterprise security teams implementing tool-use policies for LLM agents

Compliance officers auditing AI agent capabilities against security standards

Platform teams building multi-tenant agent systems with tool access controls

Requires

Node.js 16+

Extracted tool definitions from MCP server analysis

Risk policy configuration (built-in defaults or custom rules)

Limitations

Risk classification is heuristic-based on tool metadata; cannot detect actual risk from tool implementation details or undocumented side effects

Requires well-formed tool descriptions and parameter documentation to classify accurately; poorly documented tools may be misclassified

Policy rules are static; cannot adapt to novel attack patterns or zero-day tool misuse without manual rule updates

What makes it unique

Integrates SINT (Security Intent) framework for MCP-specific risk patterns; likely includes rules for common dangerous MCP tool patterns (e.g., arbitrary code execution, credential exposure via tool parameters)

vs alternatives

Purpose-built risk taxonomy for MCP tools vs. generic API security scoring that doesn't understand agent-specific threat models

policy-based tool access gating and decision engine

Medium confidence

Implements a policy evaluation engine that takes risk classifications and applies configurable allow/deny/require-approval rules to determine whether an LLM agent should be permitted to call a specific tool. Supports policy composition (e.g., 'block all file system tools', 'require approval for network calls') and integrates with MCP server request interception to enforce decisions at runtime.

Solves for

I want to block certain tool categories (e.g., shell execution) from all agents automaticallyI need to require human approval before an agent can call high-risk toolsI want to enforce different tool policies for different user roles or agent types

Best for

Platform teams building agent-as-a-service systems with multi-tenant tool isolation

Enterprise security teams implementing least-privilege access for agent tool use

AI safety researchers prototyping agent guardrails and policy frameworks

Requires

Node.js 16+

MCP scanner instance with risk classifications

Policy configuration file or API

Limitations

Policy enforcement is at the MCP server layer; cannot prevent tool misuse if agent has direct access to tools outside MCP

Policies are static and evaluated synchronously; no support for dynamic policy updates without server restart

No built-in audit logging or approval workflow integration — requires external systems for compliance tracking

What makes it unique

Integrates directly with MCP server request pipeline for real-time gating; supports context-aware policies (agent identity, user role, tool category) rather than static blocklists

vs alternatives

Operates at MCP protocol layer for native integration vs. external proxy-based gating that adds latency and requires protocol translation

tool parameter validation and schema enforcement

Medium confidence

Validates tool invocation parameters against extracted MCP tool schemas to detect parameter injection, type mismatches, and constraint violations before execution. Implements JSON schema validation with custom rules for dangerous parameter patterns (e.g., shell metacharacters in command parameters, file paths outside allowed directories) and generates detailed validation reports.

Solves for

I want to prevent prompt injection attacks via tool parameters (e.g., shell commands in string parameters)I need to enforce type and constraint validation on tool inputs to prevent malformed requestsI want to detect and block attempts to access files outside a sandboxed directory via path traversal in tool parameters

Best for

Security teams implementing input validation for agent-driven tool calls

Developers building sandboxed agent environments with strict parameter constraints

Teams protecting against prompt injection and parameter tampering attacks

Requires

Node.js 16+

Tool schema definitions from MCP scanner

Parameter validation rules (built-in or custom)

Limitations

Validation is schema-based; cannot detect semantic attacks (e.g., a legitimate file path that happens to be sensitive)

Custom validation rules must be manually configured per tool; no automatic detection of dangerous parameter patterns

Performance overhead scales with parameter complexity; deeply nested or large parameter objects may cause latency

What makes it unique

Combines JSON schema validation with MCP-specific parameter risk patterns; includes built-in rules for common injection vectors in agent tool calls (shell metacharacters, path traversal, SQL injection signatures)

vs alternatives

MCP-native validation vs. generic JSON schema validators that lack agent-specific threat context and injection pattern detection

audit logging and compliance reporting for tool access

Medium confidence

Records all tool access decisions (allowed, denied, approved) with context (agent identity, user, timestamp, tool name, parameters, risk classification) to an audit log. Generates compliance reports summarizing tool usage patterns, policy violations, and high-risk tool invocations for security review and regulatory compliance (SOC 2, HIPAA, etc.).

Solves for

I need to log all tool access for compliance audits and incident investigationI want to generate reports showing which agents accessed which tools and whenI need to track policy violations and approval workflows for compliance documentation

Best for

Enterprise teams subject to compliance requirements (SOC 2, HIPAA, PCI-DSS)

Security teams conducting incident response and forensic analysis of agent behavior

Compliance officers generating audit reports for regulatory reviews

Requires

Node.js 16+

MCP scanner instance with policy enforcement

Logging configuration (file path, format, retention)

Limitations

Audit logs are in-memory or file-based by default; no built-in persistence to external systems (requires integration with SIEM/logging platform)

Log retention and rotation policies must be configured externally; no built-in log lifecycle management

Compliance report generation is template-based; customization requires code changes

What makes it unique

Integrates audit logging directly into MCP request pipeline; captures full context (agent identity, parameters, risk score, policy decision) in structured format for compliance and forensic analysis

vs alternatives

Native MCP integration for complete audit trail vs. external logging that may miss context or require manual correlation of events

configurable risk policy rules and custom rule authoring

Medium confidence

Provides a rule engine for defining custom risk classification and access control policies using a declarative configuration format (likely YAML or JSON DSL). Supports rule composition, conditional logic (e.g., 'block tool X if parameter Y contains Z'), and integration with external policy sources. Enables teams to define organization-specific security policies without code changes.

Solves for

I want to define custom risk rules for tools specific to my organization's threat modelI need to enforce different policies for different agent types or user rolesI want to update security policies without redeploying the MCP scanner

Best for

Enterprise security teams with custom threat models and compliance requirements

Platform teams managing multiple agent deployments with varying security postures

Organizations needing rapid policy iteration during security incidents

Requires

Node.js 16+

MCP scanner instance

Policy rule configuration file or API

Limitations

Rule engine is likely synchronous and single-threaded; complex rule sets may add latency to tool access decisions

No built-in version control or rollback for policy changes; requires external systems for policy governance

Rule syntax and capabilities depend on DSL design; may be limited compared to full programming language

What makes it unique

Declarative rule engine designed for MCP-specific threat patterns; supports context-aware rules (agent identity, tool category, parameter content) without requiring code changes

vs alternatives

Declarative policy configuration vs. hard-coded policies that require code changes and redeployment for policy updates

Capabilities are decomposed by AI analysis. Each maps to specific user intents and improves with match feedback.

Related Artifactssharing capabilities

Artifacts that share capabilities with @pshkv/mcp-scanner, ranked by overlap. Discovered automatically through the match graph.

MCP Server25

secure-mcp-server

MCP server: secure-mcp-server

tool exposure with capability-based access controlmcp server initialization with security-first configurationpolicy enforcement and compliance validation

3 shared capabilities

MCP Server24

@toolrank/mcp-server

ToolRank MCP Server — Score and optimize MCP tool definitions for AI agent discovery. The first ATO (Agent Tool Optimization) tool.

mcp tool definition scoring and rankingmcp tool definition validation and schema analysis

2 shared capabilities

CLI Tool33

agentseal

Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.

mcp-configuration-validationlive-mcp-server-tool-poisoning-audit

2 shared capabilities

MCP Server32

mcpsafetywarden

A security layer for MCP wraps any MCP server to add behavioral profiling, LLM-powered security scanning, schema tamper detection, risk gating, cross-tool exfiltration analysis and lot more. Drop it in front of your existing MCP servers to get visibility into what tools are actually doing before the

risk gating for tool interactionsbehavioral profiling for mcp tools

2 shared capabilities

MCP Server25

mcp-tool-lint

Static linter for MCP tool definitions — catch quality defects before deployment

tool dependency and integration checkingmcp tool definition schema validation

2 shared capabilities

MCP Server28

@mcptoolgate/client

MCP Tool Gate client for Claude Desktop - secure MCP tool governance with human-in-the-loop approvals

tool risk classification and dynamic approval rules

1 shared capability

Best For

✓AI safety teams building policy gateways for agent tool access
✓DevOps engineers vetting third-party MCP servers before deployment
✓LLM application builders implementing tool-use guardrails
✓Enterprise security teams implementing tool-use policies for LLM agents
✓Compliance officers auditing AI agent capabilities against security standards
✓Platform teams building multi-tenant agent systems with tool access controls
✓Platform teams building agent-as-a-service systems with multi-tenant tool isolation
✓Enterprise security teams implementing least-privilege access for agent tool use

Known Limitations

⚠Analyzes only static tool definitions — cannot detect runtime behavior or side effects not declared in schema
⚠Requires MCP server to be accessible or tool definitions to be provided in advance; no dynamic discovery of undocumented tools
⚠Limited to tools exposed via MCP protocol; cannot analyze tools injected through other mechanisms
⚠Risk classification is heuristic-based on tool metadata; cannot detect actual risk from tool implementation details or undocumented side effects
⚠Requires well-formed tool descriptions and parameter documentation to classify accurately; poorly documented tools may be misclassified
⚠Policy rules are static; cannot adapt to novel attack patterns or zero-day tool misuse without manual rule updates

Requirements

Node.js 16+Access to MCP server endpoint or exported tool definition files@modelcontextprotocol/sdk or compatible MCP server implementationExtracted tool definitions from MCP server analysisRisk policy configuration (built-in defaults or custom rules)MCP scanner instance with risk classificationsPolicy configuration file or APIMCP server integration point for request interception

Input / Output

Accepts: MCP server configuration, Tool definition JSON/YAML, MCP server endpoint URL, tool definition objects, tool metadata (name, description, parameters), policy rule configuration, tool risk classifications, policy rules (JSON/YAML), agent/user context, tool invocation requests, tool schema (JSON schema format), parameter values (JSON), validation rule configuration, tool access events, policy decisions, risk classifications, rule definitions (YAML/JSON), tool metadata

Produces: structured tool inventory, parameter schema analysis, risk assessment report, risk score (numeric), severity category (critical/high/medium/low), risk explanation/justification, policy violation flags, allow/deny decision, approval requirement flag, policy violation reason, audit log entry, validation pass/fail, detailed error messages, sanitized parameter values, violation report, audit log entries (JSON/CSV), compliance reports (PDF/HTML), usage analytics, violation summaries, policy decision (allow/deny/require-approval), rule match explanation, policy violation report

UnfragileRank

Adoption5%(25% weight)

Quality12%(25% weight)

Ecosystem50%(15% weight)

Match Graph25%(30% weight)

Freshness75%(5% weight)

UnfragileRank is computed from adoption signals, documentation quality, ecosystem connectivity, match graph feedback, and freshness. No artifact can pay for a higher rank.

Type: MCP Server

6 capabilities

Visit @pshkv/mcp-scanner→

Package Details

npm

Registry

0.1.0

Version

Weekly Downloads

About

SINT MCP Security Scanner — analyze MCP server tool definitions for risk

Alternatives to @pshkv/mcp-scanner

GitHub Copilot70Extension

Your AI pair programmer

Compare →

Supabase69Platform

Search the Supabase docs for up-to-date guidance and troubleshoot errors quickly. Manage organizations, projects, databases, and Edge Functions, including migrations, SQL, logs, advisors, keys, and type generation, in one flow. Create and manage development branches to iterate safely, confirm costs

Compare →

langchain63Framework

Typescript bindings for langchain

Compare →

ChatGPT62Extension

GPT-4,Key-free,Free of charge,免Key,免魔法,免注册,免费

Compare →

Are you the builder of @pshkv/mcp-scanner?

Claim this artifact to get a verified badge, access match analytics, see which intents users search for, and manage your listing.

Claim this artifact →Verification via email

Get the weekly brief

New tools, rising stars, and what's actually worth your time. No spam.

Data Sources

mcp registry

Looking for something else?

Search →

Capabilities6 decomposed

mcp server tool definition static analysis

Medium confidence

Solves for

Best for

AI safety teams building policy gateways for agent tool access

DevOps engineers vetting third-party MCP servers before deployment

LLM application builders implementing tool-use guardrails

Requires

Node.js 16+

Access to MCP server endpoint or exported tool definition files

@modelcontextprotocol/sdk or compatible MCP server implementation

Limitations

Analyzes only static tool definitions — cannot detect runtime behavior or side effects not declared in schema

Requires MCP server to be accessible or tool definitions to be provided in advance; no dynamic discovery of undocumented tools

Limited to tools exposed via MCP protocol; cannot analyze tools injected through other mechanisms

What makes it unique

Purpose-built for MCP protocol semantics rather than generic API scanning; understands MCP-specific tool metadata patterns and integrates with MCP server lifecycle

vs alternatives

Specialized for MCP servers vs. generic API security scanners that lack MCP protocol awareness and context-specific risk patterns

risk classification and severity scoring for tool capabilities

Medium confidence

Solves for

Best for

Enterprise security teams implementing tool-use policies for LLM agents

Compliance officers auditing AI agent capabilities against security standards

Platform teams building multi-tenant agent systems with tool access controls

Requires

Node.js 16+

Extracted tool definitions from MCP server analysis

Risk policy configuration (built-in defaults or custom rules)

Limitations

Risk classification is heuristic-based on tool metadata; cannot detect actual risk from tool implementation details or undocumented side effects

Requires well-formed tool descriptions and parameter documentation to classify accurately; poorly documented tools may be misclassified

Policy rules are static; cannot adapt to novel attack patterns or zero-day tool misuse without manual rule updates

What makes it unique

vs alternatives

Purpose-built risk taxonomy for MCP tools vs. generic API security scoring that doesn't understand agent-specific threat models

policy-based tool access gating and decision engine

Medium confidence

Solves for

Best for

Platform teams building agent-as-a-service systems with multi-tenant tool isolation

Enterprise security teams implementing least-privilege access for agent tool use

AI safety researchers prototyping agent guardrails and policy frameworks

Requires

Node.js 16+

MCP scanner instance with risk classifications

Policy configuration file or API

Limitations

Policy enforcement is at the MCP server layer; cannot prevent tool misuse if agent has direct access to tools outside MCP

Policies are static and evaluated synchronously; no support for dynamic policy updates without server restart

No built-in audit logging or approval workflow integration — requires external systems for compliance tracking

What makes it unique

Integrates directly with MCP server request pipeline for real-time gating; supports context-aware policies (agent identity, user role, tool category) rather than static blocklists

vs alternatives

Operates at MCP protocol layer for native integration vs. external proxy-based gating that adds latency and requires protocol translation

tool parameter validation and schema enforcement

Medium confidence

Solves for

Best for

Security teams implementing input validation for agent-driven tool calls

Developers building sandboxed agent environments with strict parameter constraints

Teams protecting against prompt injection and parameter tampering attacks

Requires

Node.js 16+

Tool schema definitions from MCP scanner

Parameter validation rules (built-in or custom)

Limitations

Validation is schema-based; cannot detect semantic attacks (e.g., a legitimate file path that happens to be sensitive)

Custom validation rules must be manually configured per tool; no automatic detection of dangerous parameter patterns

Performance overhead scales with parameter complexity; deeply nested or large parameter objects may cause latency

What makes it unique

vs alternatives

MCP-native validation vs. generic JSON schema validators that lack agent-specific threat context and injection pattern detection

audit logging and compliance reporting for tool access

Medium confidence

Solves for

Best for

Enterprise teams subject to compliance requirements (SOC 2, HIPAA, PCI-DSS)

Security teams conducting incident response and forensic analysis of agent behavior

Compliance officers generating audit reports for regulatory reviews

Requires

Node.js 16+

MCP scanner instance with policy enforcement

Logging configuration (file path, format, retention)

Limitations

Audit logs are in-memory or file-based by default; no built-in persistence to external systems (requires integration with SIEM/logging platform)

Log retention and rotation policies must be configured externally; no built-in log lifecycle management

Compliance report generation is template-based; customization requires code changes

What makes it unique

Integrates audit logging directly into MCP request pipeline; captures full context (agent identity, parameters, risk score, policy decision) in structured format for compliance and forensic analysis

vs alternatives

Native MCP integration for complete audit trail vs. external logging that may miss context or require manual correlation of events

configurable risk policy rules and custom rule authoring

Medium confidence

Solves for

Best for

Enterprise security teams with custom threat models and compliance requirements

Platform teams managing multiple agent deployments with varying security postures

Organizations needing rapid policy iteration during security incidents

Requires

Node.js 16+

MCP scanner instance

Policy rule configuration file or API

Limitations

Rule engine is likely synchronous and single-threaded; complex rule sets may add latency to tool access decisions

No built-in version control or rollback for policy changes; requires external systems for policy governance

Rule syntax and capabilities depend on DSL design; may be limited compared to full programming language

What makes it unique

Declarative rule engine designed for MCP-specific threat patterns; supports context-aware rules (agent identity, tool category, parameter content) without requiring code changes

vs alternatives

Declarative policy configuration vs. hard-coded policies that require code changes and redeployment for policy updates

Capabilities are decomposed by AI analysis. Each maps to specific user intents and improves with match feedback.

Alternatives to @pshkv/mcp-scanner

GitHub Copilot70Extension

Your AI pair programmer

Compare →

Supabase69Platform

Compare →

langchain63Framework

Typescript bindings for langchain

Compare →

ChatGPT62Extension

GPT-4,Key-free,Free of charge,免Key,免魔法,免注册,免费

Compare →

@pshkv/mcp-scanner

Capabilities6 decomposed

mcp server tool definition static analysis

risk classification and severity scoring for tool capabilities

policy-based tool access gating and decision engine

tool parameter validation and schema enforcement

audit logging and compliance reporting for tool access

configurable risk policy rules and custom rule authoring

Related Artifactssharing capabilities

secure-mcp-server

@toolrank/mcp-server

agentseal

mcpsafetywarden

mcp-tool-lint

@mcptoolgate/client

Best For

Known Limitations

Requirements

Input / Output

UnfragileRank

Package Details

About

Categories

Alternatives to @pshkv/mcp-scanner

Are you the builder of @pshkv/mcp-scanner?

Get the weekly brief

Data Sources

@pshkv/mcp-scanner

Capabilities6 decomposed

mcp server tool definition static analysis

risk classification and severity scoring for tool capabilities

policy-based tool access gating and decision engine

tool parameter validation and schema enforcement

audit logging and compliance reporting for tool access

configurable risk policy rules and custom rule authoring

Related Artifactssharing capabilities

secure-mcp-server

@toolrank/mcp-server

agentseal

mcpsafetywarden

mcp-tool-lint

@mcptoolgate/client

Best For

Known Limitations

Requirements

Input / Output

UnfragileRank

Package Details

About

Categories

Alternatives to @pshkv/mcp-scanner

Are you the builder of @pshkv/mcp-scanner?

Get the weekly brief

Data Sources