Medusa
medusa-security · by Pantheon-Security
AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo
No known CVEs
AGPL-3.0 license
Actively maintained
Last commit 6d ago
Works with most clients
Transport: stdio, sse, http
0 tools
Grade F
Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio, sse, http · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"medusa": {
"args": [
"medusa-security"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/medusa)
Read me
What Medusa does
AI-first security scanner with 9,600+ detection patterns for AI/ML, agents, and LLM applications. 🤖 Works out of the box - no tool installation required. 🚨 200 CVEs: Log4Shell, Spring4Shell, XZ Utils, LangChain RCE, MCP-Remote RCE, React2Shell 🔥 NEW: medusa scan --git — Scan any repo for AI supply chain attacks (repo poisoning, prompt injection, MCP tool poisoning) ✨ v2026.5.2: Security hardening — credential leak fixes, XSS protection, symlink safety, code snippet sanitization, 14 bug
Test This Server
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
63/100across 5 weighted dimensions
0255075100
23
15
15
10
−37
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.devNo known CVEs.
Checked medusa-security against OSV.dev.
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Medusa safe to use?
- Medusa has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under AGPL-3.0.
- How do I install Medusa?
- Medusa supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What AI clients work with Medusa?
- Medusa is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
- Is Medusa actively maintained?
- Medusa is actively maintained — last commit was 6 days ago. It has 476 GitHub stars.
Related
Similar servers
Others in ai-ml / security
Memory MCP Server98Persistent memory using a knowledge graph
85.9k 5
Antigravity Workspace Template96Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.
1.2k 2
Context Mode95Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.
15.1k 6
Gemini Cli95An open-source AI agent that brings the power of Gemini directly into your terminal.
104.3k 8
MCP Security Weekly
Get CVE alerts and security updates for Medusa and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.