Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp safe to use?

io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?

io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?

io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is compatible with claude-desktop, cursor, claude-code. It uses http transport.

Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp actively maintained?

io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is actively maintained — last commit was 11 days ago.

io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp

meok-mcp-injection-scan-mcp

MCP injection / prompt-poisoning / SSRF scanner. 30+ canonical rules covering the April 2026 Anth...

0 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 11d ago

Works with most clients

Transport: http

0 tools

Grade F

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-csoai-org-meok-mcp-injection-scan-mcp": {
      "args": [
        "meok-mcp-injection-scan-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-csoai-org-meok-mcp-injection-scan-mcp)](https://mcppedia.org/s/io-github-csoai-org-meok-mcp-injection-scan-mcp)

Read me

What io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp does

MCP injection / prompt-poisoning / SSRF scanner. 30+ canonical rules covering the April 2026 Anth...

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'meok-mcp-injection-scan-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked meok-mcp-injection-scan-mcp against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp safe to use?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp actively maintained?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is actively maintained — last commit was 11 days ago.

Similar servers

Others in other

View all →

io.github.wyre-technology/spanning-mcp90

MCP server for Spanning Cloud Backup — M365/GWS/Salesforce backups, restores, audit.

io.github.codeofaxel/kiln88

AI agent control of 3D printers — 432 tools for OctoPrint, Moonraker, Bambu, Prusa, Elegoo

18 11

io.github.wyre-technology/autotask-mcp88

MCP server for Kaseya Autotask PSA — companies, tickets, projects, time entries, and more.

36 6

io.github.AnchorRegistry/ar-mcp88

On-chain provenance lookup for AnchorRegistry. Resolve AR-IDs, hashes, and full trees. Authless.

MCP Security Weekly

Get CVE alerts and security updates for io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-csoai-org-meok-mcp-injection-scan-mcp": {
      "args": [
        "meok-mcp-injection-scan-mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-csoai-org-meok-mcp-injection-scan-mcp)](https://mcppedia.org/s/io-github-csoai-org-meok-mcp-injection-scan-mcp)

Read me

What io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp does

MCP injection / prompt-poisoning / SSRF scanner. 30+ canonical rules covering the April 2026 Anth...

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'meok-mcp-injection-scan-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

meok-mcp-injection-scan-mcp

Scan any MCP server for the prompt-injection / tool-poisoning / SSRF class disclosed in the April 2026 CVE wave.

pip install meok-mcp-injection-scan-mcp

Why this exists

April 2026 was a bad month for MCP. Anthropic published a "by-design" MCP RCE class affecting ~7,000 public servers (~150M downloads). mcp-server-git shipped a CVE chain. DockerDash got popped by an injection chain. Tool-description prompt injection ("tool poisoning") was demonstrated against every major MCP host.

If you run an MCP server in production, or you're auditing one before adoption, you need a fast scan that flags the patterns the April 2026 disclosures target. This MCP is that scan.

What it checks

30+ canonical rules across 5 severity tiers:

CRITICAL — direct RCE, system-prompt override, credential exfil patterns, shell metachars in defaults, file:// / internal-network URLs (the DockerDash 169.254.169.254 metadata-pivot vector).
HIGH — encoded payloads, imperative directives at the agent, supply-chain prompts, env-var references, tool shadowing.
MEDIUM — urgency / authority language, additionalProperties=true, unbounded strings, tool-name impersonation.
LOW — over-long descriptions, zero-width / bidi-override chars (the U+202E PoC vector).

Coverage maps to: OWASP LLM Top 10, GenAI Red Team v1, the April 2026 Anthropic MCP RCE disclosure, and the mcp-server-git CVE chain.

Tools exposed

Tool	Purpose
`scan_mcp_url(url)`	Fetch a remote MCP server's tool listing and scan it
`audit_tool_descriptions(tools_json)`	Scan a pasted JSON tool list (auth-walled servers)
`signed_safety_report(subject, findings_json, score, note)`	Issue a procurement-grade signed cert (Pro tier)
`list_rules()`	Inspect the full rule catalogue before subscribing
`pricing()`	Subscribe links + tier comparison

Pricing

Tier	Price	What you get
Free	£0	5 scans / day, no signed reports
Starter	£29/mo	Unlimited scans + signed reports
Pro	£79/mo	+ scheduled rescans + 48h support
Enterprise	£1,499/mo	+ custom rule packs + 4h SLA

Every signed cert lives at https://meok-attestation-api.vercel.app/verify/<cert_id> — auditors and procurement teams confirm without an account.

What you do NOT get

This is a static-pattern scanner. It does not run dynamic taint analysis, fuzz the server with adversarial inputs, or replace a human red-team. It is the first 80% of the audit, in 5 seconds, for free.

Built by MEOK AI Labs

Solo founder. London. 234 MCP packages on PyPI. Live signing infrastructure at meok-attestation-api.vercel.app. Storefront councilof.ai. Get the catalogue: `ht

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

54/100across 5 weighted dimensions

How we score →

0255075100

−46

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked meok-mcp-injection-scan-mcp against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp safe to use?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp actively maintained?: io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp is actively maintained — last commit was 11 days ago.

Similar servers

Others in other

View all →

io.github.wyre-technology/spanning-mcp90

MCP server for Spanning Cloud Backup — M365/GWS/Salesforce backups, restores, audit.

io.github.codeofaxel/kiln88

AI agent control of 3D printers — 432 tools for OctoPrint, Moonraker, Bambu, Prusa, Elegoo

18 11

io.github.wyre-technology/autotask-mcp88

MCP server for Kaseya Autotask PSA — companies, tickets, projects, time entries, and more.

36 6

io.github.AnchorRegistry/ar-mcp88

On-chain provenance lookup for AnchorRegistry. Resolve AR-IDs, hashes, and full trees. Authless.

MCP Security Weekly

Get CVE alerts and security updates for io.github.CSOAI-ORG/meok-mcp-injection-scan-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?