Is io.github.AgentSafe-AI/tooltrust-scanner safe to use?

io.github.AgentSafe-AI/tooltrust-scanner has 2 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "@modelcontextprotocol/server-filesystem". Review the Security section above for details before installing.

How do I install io.github.AgentSafe-AI/tooltrust-scanner?

io.github.AgentSafe-AI/tooltrust-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.AgentSafe-AI/tooltrust-scanner?

io.github.AgentSafe-AI/tooltrust-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.AgentSafe-AI/tooltrust-scanner actively maintained?

io.github.AgentSafe-AI/tooltrust-scanner is actively maintained — last commit was 5 days ago. It has 16 GitHub stars.

io.github.AgentSafe-AI/tooltrust-scanner

@modelcontextprotocol/server-filesystem

Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.

16 241.3k/wk 0 tools GitHub npm

2 open CVEs

No license

Actively maintained

Last commit 5d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tooltrust": {
      "args": [
        "-y",
        "tooltrust-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-agentsafe-ai-tooltrust-scanner)](https://mcppedia.org/s/io-github-agentsafe-ai-tooltrust-scanner)

Read me

What io.github.AgentSafe-AI/tooltrust-scanner does

Trust grades (A–F) before your agent calls a tool — run as an MCP server, CLI, or CI check.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/server-filesystem' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

2 open

CVE-2025-53110mediumCVSS 4

@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintended files in cases where the prefix matches an allowed directory. Users are advised to upgrade to 2025.7.1 to resolve the issue. Thank you to Elad Beber (Cymulate) for reporting these issues.

Affected: >= 0source →

CVE-2025-53109mediumCVSS 4

@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

Versions of Filesystem prior to 0.6.3 & 2025.7.1 could allow access to unintended files via symlinks within allowed directories. Users are advised to upgrade to 2025.7.1 to resolve. Thank you to Elad Beber (Cymulate) for reporting these issues.

Affected: >= 0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.AgentSafe-AI/tooltrust-scanner safe to use?: io.github.AgentSafe-AI/tooltrust-scanner has 2 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "@modelcontextprotocol/server-filesystem". Review the Security section above for details before installing.
How do I install io.github.AgentSafe-AI/tooltrust-scanner?: io.github.AgentSafe-AI/tooltrust-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.AgentSafe-AI/tooltrust-scanner?: io.github.AgentSafe-AI/tooltrust-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.AgentSafe-AI/tooltrust-scanner actively maintained?: io.github.AgentSafe-AI/tooltrust-scanner is actively maintained — last commit was 5 days ago. It has 16 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for io.github.AgentSafe-AI/tooltrust-scanner and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "tooltrust": {
      "args": [
        "-y",
        "tooltrust-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-agentsafe-ai-tooltrust-scanner)](https://mcppedia.org/s/io-github-agentsafe-ai-tooltrust-scanner)

Read me

What io.github.AgentSafe-AI/tooltrust-scanner does

Trust grades (A–F) before your agent calls a tool — run as an MCP server, CLI, or CI check.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/server-filesystem' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

ToolTrust Scanner

Static security scanner for MCP tool definitions
Trust grades (A–F) before your agent calls a tool — run as an MCP server, CLI, or CI check.

Every MCP tool your agent calls is an attack surface — prompt injection, data exfiltration, privilege escalation, supply-chain backdoors. ToolTrust scans tool definitions before your agent trusts them and assigns a trust grade (A–F) so you know the risk. ToolTrust is an MCP Server and a CLI/CI tool — not a host, gateway, or runtime proxy. Coverage is expanding beyond today’s MCP-focused workflows; skills and additional agent tool formats are on the roadmap.

Browse the live ToolTrust Directory — trust grades and scan-backed reports before you install.

MCP demo: run a full config scan from your agent.

Scan your setup in 30 seconds

Add ToolTrust as an MCP server and let your agent audit its own tools (stdio transport — no network listener; your host launches it as a subprocess):

{
  "mcpServers": {
    "tooltrust": {
      "command": "npx",
      "args": ["-y", "tooltrust-mcp"]
    }
  }
}

Then ask your agent: "Run tooltrust_scan_config"

It reads your MCP config, connects to each server in parallel, scans every tool, and returns a risk report with grades and enforcement decisions — all in seconds.

Or use the CLI:

curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
tooltrust-scanner scan --server "npx -y @modelcontextprotocol/server-filesystem /tmp"

Example snapshot (research cohort)

The public ToolTrust Directory holds current grades and aggregates as scanning scales. One published research pass illustrates the shape of the problem — 207 MCP servers, 3,235 tools — not an exhaustive count of everything we scan today:

Metric	Count
MCP servers in cohort	207
Individual tools analyzed	3,235
Total security findings	3,613
Servers with at least one finding	145 (70%)
Servers with a clean Grade A	22 (10%)
Servers with arbitrary code execution	16

Only 10% of servers in that cohort had a clean Grade A. See tooltrust.dev for up-to-date directory-wide results (and use this table only as a labeled snapshot).

🔍 What it catches

ToolTrust runs 16 static tool-definition rules in this repo (AS-001–AS-011, AS-013–AS-017) plus 2 source-scan rules for embedded MCP implementations (AS-018, AS-019). AS-012 (tool drift) is

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

2 open

CVE-2025-53110mediumCVSS 4

@modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

Affected: >= 0source →

CVE-2025-53109mediumCVSS 4

@modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

Affected: >= 0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.AgentSafe-AI/tooltrust-scanner safe to use?: io.github.AgentSafe-AI/tooltrust-scanner has 2 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "@modelcontextprotocol/server-filesystem". Review the Security section above for details before installing.
How do I install io.github.AgentSafe-AI/tooltrust-scanner?: io.github.AgentSafe-AI/tooltrust-scanner supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.AgentSafe-AI/tooltrust-scanner?: io.github.AgentSafe-AI/tooltrust-scanner is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.AgentSafe-AI/tooltrust-scanner actively maintained?: io.github.AgentSafe-AI/tooltrust-scanner is actively maintained — last commit was 5 days ago. It has 16 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for io.github.AgentSafe-AI/tooltrust-scanner and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?