Pentesting Mcp Servers Checklist
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
StaleNot tested
★ 31GitHub
18No CVEsstaleCC-BY-4.0
Quick Install
{
"mcpServers": {
"pentesting-mcp-servers-checklist": {
"command": "<see-readme>",
"args": []
}
}
}No install config available. Check the server's README for setup instructions.
Should you use this server?
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
✓
Is it safe?
No package registry to scan.
No authentication — any process on your machine can connect.
CC-BY-4.0. View license →
~
Is it maintained?
Last commit 107 days ago. 31 stars.
i
Will it work with my client?
Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
Test This Server
No automated test available for this server. Check the GitHub README for setup instructions.
Help improve this page
This server is missing a description. Tools and install config are also missing.If you've used it, help the community.
Add informationScore Breakdown
Security
5/30No known vulnerabilities.
○
Known CVEs — No package registry to scan
○
Tool safety — No tools to analyze
○
Tool poisoning — No tools to analyze
○
Injection vectors — No tools to analyze
○
Tool stability — First scan — baseline recorded
○
Dependency health — No package to analyze
✓
License — License: CC-BY-4.0
○
Authentication — No authentication required
○