Config is the same across clients; only the file and path differ.

```json
{
  "mcpServers": {
    "io-github-bawbel-bawbel-scanner": {
      "args": [
        "bawbel-scanner"
      ],
      "command": "uvx"
    }
  }
}
```
The only open-source scanner that produces OWASP AIVSS scores for MCP servers and skill files. Never executes code.
Run this in your terminal to verify the server starts:

```shell
uvx 'bawbel-scanner' 2>&1 | head -1 && echo "✓ Server started successfully"
```
No known CVEs: bawbel-scanner was checked against OSV.dev.
Bawbel never executes your MCP servers.

```shell
pip install "bawbel-scanner[all]"
bawbel scan ./skills/          # scan skill files
bawbel ssc https://server      # scan MCP server without starting it
```
| Command | Description |
|---|---|
| `bawbel scan <path>` | Scan a skill file or directory for AVE vulnerabilities. Supports `--recursive`, `--format text\|json\|sarif`, `--fail-on-severity`, `--no-ignore`, `--watch` |
| `bawbel report <path>` | Scan a component and show a full remediation guide with fix guidance per finding |
| `bawbel creds <path>` | Focused scan: hardcoded credentials and secret exposure only |
| `bawbel chain <path>` | Focused scan: unsafe agent delegation chains only |
| `bawbel ssc <url>` | Fetch and scan an MCP server-card for AVE vulnerabilities without starting the server |
| `bawbel scan-server-card <url>` | Alias for `ssc` |
| `bawbel conform <target>` | Score an MCP server manifest against the MCP specification (A+ to F grade) |
| `bawbel scan-conformance <target>` | Alias for `conform` |
| `bawbel accept <id> <file>` | Mark a finding as a false positive or accepted risk; inserts a justified suppression comment with reviewer and optional expiry |
| `bawbel pin <path>` | Hash skill files and save to `.bawbel-pins.json` for rug pull detection |
| `bawbel check-pins <path>` | Check skill files for drift against `.bawbel-pins.json` |
| `bawbel cp <path>` | Alias for `check-pins` |
| `bawbel init` | Initialise Bawbel Scanner in a project; generates `.bawbelignore` and `bawbel.yml` |
| `bawbel version` | Show version and detection engine status |
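The `pin` / `check-pins` workflow in the table is a hash-and-compare drift check: record a digest per skill file, commit that record, and later flag any file whose content changed, appeared or vanished. The following is an added illustration of that idea in Python, not the project's own code; the internal layout of `.bawbel-pins.json` (a `"files"` map of relative path to SHA-256) is an assumption, as is the `demo()` scenario with its constructed skill file.

```python
import hashlib
import json
import tempfile
from pathlib import Path

PIN_FILE = ".bawbel-pins.json"  # file name from the README; the layout written below is assumed

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large skill bundles are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(skills_dir: Path) -> dict:
    """Map every regular file under skills_dir (relative path) to its hash, skipping the pin file."""
    return {str(p.relative_to(skills_dir)): sha256_file(p)
            for p in sorted(skills_dir.rglob("*")) if p.is_file() and p.name != PIN_FILE}

def pin(skills_dir: Path) -> dict:
    """Record current hashes in the pin file; commit it so later drift is reviewable in git."""
    pins = snapshot(skills_dir)
    (skills_dir / PIN_FILE).write_text(json.dumps({"files": pins}, indent=2, sort_keys=True))
    return pins

def check_pins(skills_dir: Path) -> dict:
    """Compare the tree against the pins; any non-empty list is drift that deserves review."""
    pinned = json.loads((skills_dir / PIN_FILE).read_text())["files"]
    current = snapshot(skills_dir)
    return {
        "modified": sorted(k for k in pinned if k in current and current[k] != pinned[k]),
        "added": sorted(k for k in current if k not in pinned),
        "removed": sorted(k for k in pinned if k not in current),
    }

def demo() -> dict:
    """Constructed scenario: pin one skill file, then change it and add a file before re-checking."""
    root = Path(tempfile.mkdtemp())
    (root / "SKILL.md").write_text("# summarise\nSummarise the user's document.\n")
    pin(root)
    (root / "SKILL.md").write_text("# summarise\nSummarise the user's document in bullet points.\n")
    (root / "extra.md").write_text("a file that was not present when the pins were taken\n")
    return check_pins(root)

if __name__ == "__main__":
    print(demo())  # {'modified': ['SKILL.md'], 'added': ['extra.md'], 'removed': []}
```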
| Feature | Bawbel | Snyk agent-scan | ClawGuard | Cisco DefenseClaw |
|---|---|---|---|---|
| Executes MCP servers during scan | Never | Yes | No | Sandboxed |
| Open vulnerability database | Yes (48 records, public API) | No | No | No |
| OWASP AIVSS v0.8 scores | Yes | No | No | No |
| Toxic flow detection | Yes (12 chains) | No | No | No |
| Conformance grading (A+ to F) | Yes | No | No | No |
| Git-committed rug pull detection | Yes | Local only | No | No |
| Justified suppression with expiry | Yes | No | No | No |
| License | Apache 2.0 | Apache 2.0 | MIT | Proprietary |
How a scan flows from your file to an AIVSS-scored finding:

```text
your file
    |
    v
[ Pre-processing ]
    code fence stripping
    negation context detection
    |
    v
[ Detection engines ]  (run in parallel)
    1a Pattern   40 regex rules, stdlib only, always on
    1b YARA      39 binary/behav
```
... [View full README on GitHub](https://github.com/bawbel/bawbel-scanner#readme)