mcp scan that scans any mcp server for indirect attack vectors and security or configuration vulnerabilities
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"ramparts": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A fast, lightweight security scanner for Model Context Protocol (MCP) servers with built-in vulnerability detection.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP Security Weekly
Get CVE alerts and security updates for Ramparts and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A fast, lightweight security scanner for the agent stack — Model Context Protocol (MCP) servers AND AI agent skills (Claude Code commands, agentskills.io bundles, Cursor / Codex / Windsurf / Gemini equivalents) — with built-in vulnerability detection.
Ramparts scans the two surfaces an AI agent trusts most: the MCP servers it talks to over the network, and the skill files it loads from disk and executes by name. Both deliver untrusted instructions and tool grants into the agent's loop; ramparts applies the same security pipeline (YARA, LLM analysis, OWASP MCP Top 10 tagging) to both.
<name>/SKILL.md directories with sibling scripts/, references/, assets/). Each skill body becomes a synthetic MCP prompt that runs through the same analyzers; bundled scripts get scanned through YARA, name-vs-directory mismatches surface as HIGH-severity deception findings, and the agentskills.io name/charset rules are validated.Ramparts is under active development. Read our launch blog.
The MCP-and-skills attack surface is broad. MCP servers expose file systems, databases, APIs, and system commands — turning into attack vectors via tool poisoning, command injection, and data exfiltration without proper analysis. Agent skills carry the same risk profile (untrusted instructions an agent may follow) plus their own twists: skill-file allowed-tools grants that hand out unrestricted Bash, sensitive @<path> references that inline credentials into prompt context, name collisions that let one skill shadow another in the agent's router, and bundled scripts that ship arbitrary executable code. 📚 Security Features & Attack Vectors documents every detector ramparts ships with — across both MCP and skill scanning.
Ramparts provides security scanning of the MCP-and-skill ecosystem by: