Is Driftcop safe to use?

Driftcop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Driftcop?

Driftcop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Driftcop?

Driftcop is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Driftcop actively maintained?

Driftcop is actively maintained — last commit was 11 days ago. It has 11 GitHub stars.

Driftcop

Name: Driftcop
Author: sudoviz

driftcop · by sudoviz

AI powered SAST tool for MCP servers to detect MCP server drift detection and tracking via SigStore + Web UI for Enterprise Users

11 0 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 11d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "driftcop": {
      "args": [
        "driftcop"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/driftcop)](https://mcppedia.org/s/driftcop)

Read me

What Driftcop does

The ultrafast-fast security cop keeping your MCP servers locked-in and locked-down.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'driftcop' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked driftcop against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Driftcop safe to use?: Driftcop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Driftcop?: Driftcop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Driftcop?: Driftcop is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Driftcop actively maintained?: Driftcop is actively maintained — last commit was 11 days ago. It has 11 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for Driftcop and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "driftcop": {
      "args": [
        "driftcop"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/driftcop)](https://mcppedia.org/s/driftcop)

Read me

What Driftcop does

The ultrafast-fast security cop keeping your MCP servers locked-in and locked-down.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'driftcop' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

DriftCop.
The ultrafast-fast security cop keeping your MCP servers locked-in and locked-down.

🎯 What is DriftCop?

Drift-Cop is your Enterprise grade MCP security scanner based CLI + live dashboard that spots dangerous drift in AI tools. It spots injection hacks, and CVEs, signs every change in SigStore. Drift-Cop is designed to help AI developers and InfoSec organizations identify, track, and mitigate security vulnerabilities in MCP server implementations they use from external untrusted sources.

🔥 Why Drift-Cop?

Spot the Drift instantly – Diff every manifest, dependency and workspace change against golden baselines in real-time.
Attack-aware Scanning – Rug-pull, typosquat, supply-chain & prompt-injection rules baked-in and update daily.
Actionable Autopilot – AI-generated fixes, PR suggestions and Slack/SIEM alerts 🚨.
Two-Piece Powerhouse – Lightweight CLI + Cloud Control-Plane give you end-to-end coverage without vendor lock-in.

“We caught an auth-bypass typo before it hit production. Drift-Cop paid for itself on day one.” – A Very Happy DevOps Lead

Drift-Cop is a defensive security platform designed to help developers and organizations identify, track, and mitigate security vulnerabilities in MCP server implementations. It consists of two main components working seamlessly together to provide end-to-end security coverage.

🎥 Demo Video

🎬 Click to watch the Drift-Cop demo video

Real-time drift monitoring and approval workflow

📦 Components

1. MCP Security Scanner (mcp-sec)

A powerful command-line security scanner that performs deep analysis of MCP servers, codebases, and dependencies.

Key Features:

Multi-Layer Scanning: Comprehensive analysis of server manifests, workspace code, and dependencies
Advanced Threat Detection:
- Typosquatting detection using Levenshtein distance and TF-IDF similarity
- Semantic drift analysis powered by LLM to detect mismatches between descriptions and capabilities
- Prompt injection pattern detection including hidden characters and system manipulation
- Known CVE scanning in dependencies
Cryptographic Security:
- SHA-256 based tool hashing with canonical JSON representation
- Sigstore integration for digital signatures (DSSE envelope format)
- Version tracking to detect unauthorized changes
- Lock file management for manifest pinning
Language Support: Extracts MCP tool definitions from 10+ languages using Tree-sitter AST parsing
Flexible Reporting: Markdown, JSON, and SARIF formats for CI/CD integration

2. MCP Security Web UI (mcp-sec-web)

A modern React-based dashboard providing real-time visualizati

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked driftcop against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Driftcop safe to use?: Driftcop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Driftcop?: Driftcop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Driftcop?: Driftcop is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Driftcop actively maintained?: Driftcop is actively maintained — last commit was 11 days ago. It has 11 GitHub stars.