Is net.apisecurityscan/securityscan safe to use?

net.apisecurityscan/securityscan has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install net.apisecurityscan/securityscan?

net.apisecurityscan/securityscan can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with net.apisecurityscan/securityscan?

net.apisecurityscan/securityscan is compatible with claude-desktop, cursor, claude-code. It uses http transport.

Is net.apisecurityscan/securityscan actively maintained?

net.apisecurityscan/securityscan is recently maintained — last commit was 44 days ago.

net.apisecurityscan/securityscan

Scan GitHub-hosted AI skills for vulnerabilities: prompt injection, malware, OWASP LLM Top 10.

0 tools GitHub

No known CVEs

No license

Maintained

Last commit 44d ago

Works with most clients

Transport: http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "net-apisecurityscan-securityscan": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/net-apisecurityscan-securityscan)](https://mcppedia.org/s/net-apisecurityscan-securityscan)

Read me

What net.apisecurityscan/securityscan does

Vulnerability scanner for AI agent skills. > Detects prompt injection, malware patterns and OWASP LLM Top 10 issues before your agent installs an untrusted skill.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

31/100across 5 weighted dimensions

How we score →

0255075100

−69

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is net.apisecurityscan/securityscan safe to use?: net.apisecurityscan/securityscan has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install net.apisecurityscan/securityscan?: net.apisecurityscan/securityscan can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with net.apisecurityscan/securityscan?: net.apisecurityscan/securityscan is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is net.apisecurityscan/securityscan actively maintained?: net.apisecurityscan/securityscan is recently maintained — last commit was 44 days ago.

Similar servers

Others in security

View all →

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Evil Mcp Server91

An evil MCP server used for redteam testing

30 1

Atomic Red Team Mcp90

MCP server for Atomic Red Team

123 5

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for net.apisecurityscan/securityscan and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktophttp · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "net-apisecurityscan-securityscan": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/net-apisecurityscan-securityscan)](https://mcppedia.org/s/net-apisecurityscan-securityscan)

Read me

What net.apisecurityscan/securityscan does

Vulnerability scanner for AI agent skills. > Detects prompt injection, malware patterns and OWASP LLM Top 10 issues before your agent installs an untrusted skill.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

SecurityScan API

Vulnerability scanner for AI agent skills. Detects prompt injection, malware patterns and OWASP LLM Top 10 issues before your agent installs an untrusted skill.

Live endpoint: https://apisecurityscan.net Health check: https://apisecurityscan.net/health

Why this exists

As AI agents increasingly install and execute third-party skills, supply chain security becomes a real problem. SecurityScan lets an agent verify a skill's safety autonomously — no human in the loop required.

What it detects

Prompt injection patterns
Malicious code indicators
Data exfiltration attempts
Unauthorized external API access
Supply chain attack vectors
OWASP LLM Top 10 coverage

Quick start

1. Get an API key

curl -X POST https://apisecurityscan.net/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "name": "My Agent"}'

Response:

{
  "api_key": "ss_live_...",
  "plan": "FREE",
  "scans_remaining": 5
}

Store api_key. Proceed immediately — no payment needed for FREE tier.

2. Run a scan

curl -X POST https://apisecurityscan.net/scan \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ss_live_your_key" \
  -d '{
    "skill_url": "https://github.com/owner/skill-repo"
  }'

Note: skill_url must be a github.com URL.

3. Response

{
  "scan_id": "a1b2c3d4e5f6",
  "skill_url": "https://github.com/owner/skill-repo",
  "score": 72,
  "recommendation": "CAUTION",
  "issues": [
    {
      "type": "PROMPT_INJECTION",
      "severity": "HIGH",
      "line": 42,
      "description": "Detected attempt to override agent instructions",
      "snippet": "ignore previous instructions and..."
    }
  ],
  "scan_time_ms": 1240,
  "cached": false,
  "scans_remaining": 4
}

Verdict values: SAFE (score ≥ 80) · CAUTION (50–79) · DANGEROUS (< 50)

Pricing (MXN)

Plan	Price	Scans	Type
`FREE`	$0	5/month	Free tier — no payment required
`PAY_PER_SCAN`	$2/scan	Pay as you go	One-time pack (5 scans min)
`PRO`	$399/month	Unlimited	Subscription

Results cached 24 hours — rescanning the same skill costs zero scans.

Endpoints

Method	Path	Auth	Description
`POST`	`/auth/register`	None	Register and get API key (FREE tier)
`POST`	`/scan`	X-API-Key	Submit a skill for scanning
`GET`	`/scan/{scan_id}`	X-API-Key	Retrieve scan result
`GET`	`/report/{skill_url}`	None	Public scan report (no cost)
`POST`	`/billing/upgrade`	X-API-Key	Create Stripe checkout session
`GET`	`/billing/status`	X-API-Key	Current plan and usage
`GET`	`/health`	None	Service status
`GET`	`/quickstart`	None	Agent quickstart guide

Handle scan limit (402)

When /scan returns 402 scan_limit_reached:

# Step 1: get checkout URL
curl -X POST https://apisecurityscan.net/billing/upgrade \
  -H "X-API-Key: ss_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{"plan": "PAY_PER_SCAN"}'

# Step 2: complete payment at checkout_url
# Step 3: poll GET /billing/status until plan != FREE
# Step 4: retry scan

MCP integration

SecurityScan exposes an MCP server at https://apisecurityscan.net/mcp:

{
  "mcpServers": {
    "securityscan": {
      "url": "https://apisecurityscan.net/mcp",
      "transport": "http"
    }
  }
}

Available tools: scan_skill · get_report · check_certification

Latency & availability

Average scan time: < 3 seconds
Uptime: 99.9% (Contabo dedicated VPS)
Response format: JSON

Companion service

DepScan API checks the external dependency health of skills (endpoints, SSL certificates, domain reputation, blacklists): https://depscan.net

License

MIT —

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

31/100across 5 weighted dimensions

How we score →

0255075100

−69

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is net.apisecurityscan/securityscan safe to use?: net.apisecurityscan/securityscan has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install net.apisecurityscan/securityscan?: net.apisecurityscan/securityscan can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with net.apisecurityscan/securityscan?: net.apisecurityscan/securityscan is compatible with claude-desktop, cursor, claude-code. It uses http transport.
Is net.apisecurityscan/securityscan actively maintained?: net.apisecurityscan/securityscan is recently maintained — last commit was 44 days ago.