Is Secure Hulk safe to use?

Secure Hulk has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Secure Hulk?

Secure Hulk can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Secure Hulk?

Secure Hulk is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Secure Hulk actively maintained?

Secure Hulk is less actively maintained — last commit was 313 days ago. It has 7 GitHub stars.

Secure Hulk

Name: Secure Hulk
Author: AppiumTestDistribution

by AppiumTestDistribution

Secure-Hulk is a security scanner for Model Context Protocol (MCP) servers and tools. It helps identify potential security vulnerabilities in MCP configurations, such as prompt injection, tool poisoning, cross-origin escalation, data exfiltration, and toxic agent flows.

7 0 tools GitHub

No known CVEs

No license

Stale

Last commit 313d ago

Untested

Transport: stdio

0 tools

Grade F

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "secure-hulk": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/secure-hulk)](https://mcppedia.org/s/secure-hulk)

Read me

What Secure Hulk does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

17/100across 5 weighted dimensions

How we score →

0255075100

−83

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Secure Hulk safe to use?: Secure Hulk has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Secure Hulk?: Secure Hulk can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Secure Hulk?: Secure Hulk is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is Secure Hulk actively maintained?: Secure Hulk is less actively maintained — last commit was 313 days ago. It has 7 GitHub stars.

Similar servers

Others in ai-ml / security

View all →

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

84.0k 1

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.2k 2

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

101.6k 8

Python Sdk95

The official Python SDK for Model Context Protocol servers and clients

22.7k 1

MCP Security Weekly

Get CVE alerts and security updates for Secure Hulk and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "secure-hulk": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/secure-hulk)](https://mcppedia.org/s/secure-hulk)

Read me

What Secure Hulk does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Secure-Hulk

Security scanner for Model Context Protocol servers and tools.

Overview

Features

Scan MCP configurations for security vulnerabilities
Detect prompt injection attempts
Identify tool poisoning vulnerabilities
Check for cross-origin escalation risks
Monitor for data exfiltration attempts
Detect toxic agent flows - Multi-step attacks that manipulate agents into unintended actions
Privilege escalation detection - Identify attempts to escalate from public to private access
Cross-resource attack detection - Monitor suspicious access patterns across multiple resources
Indirect prompt injection detection - Catch attacks through external content processing
Generate HTML reports of scan results
Whitelist approved entities

Installation

npm install
npm run build

Usage

Scanning MCP Configurations

# Scan well-known MCP configuration paths
npm i secure-hulk

# Scan specific configuration files
secure-hulk scan /path/to/config.json

# Generate HTML report
secure-hulk scan --html report.html /path/to/config.json

# Enable verbose output
secure-hulk scan -v /path/to/config.json

# Output results in JSON format
secure-hulk scan -j /path/to/config.json

Using OpenAI Moderation API for Harmful Content Detection

Secure-Hulk now supports using OpenAI's Moderation API to detect harmful content in entity descriptions. This provides a more robust detection mechanism for identifying potentially harmful, unsafe, or unethical content.

To use the OpenAI Moderation API:

secure-hulk scan --use-openai-moderation --openai-api-key YOUR_API_KEY /path/to/config.json

Options:

--use-openai-moderation: Enable OpenAI Moderation API for prompt injection detection
--openai-api-key <key>: Your OpenAI API key
--openai-moderation-model <model>: OpenAI Moderation model to use (default: 'omni-moderation-latest')

The OpenAI Moderation API provides several advantages:

More accurate detection: The API uses advanced AI models to detect harmful content, which can catch subtle harmful content that pattern matching might miss.
Categorized results: The API provides detailed categories for flagged content (hate, harassment, self-harm, sexual content, violence, etc.), helping you understand the specific type of harmful content detected.
Confidence scores: Each category includes a confidence score, allowing you to set appropriate thresholds for your use case.
Regular updates: The API is regularly updated to detect new types of harmful content as OpenAI's policies evolve.

The API can detect content in these categories:

Hate speech
Harassment
Self-harm
Sexual content
Violence
Illegal activities
Deception

If the OpenAI Moderation API check fails for any reason, Secure-Hulk will automatically fall back to pattern-based detection for prompt injection vulnerabilities.

Using Hugging Face Safety Models for Content Detection

Secure-Hulk now supports Hugging Face safety models for advanced AI-powered content moderation. This provides additional options beyond OpenAI's Moderation API, including open-source models and specialized toxicity detection.

To use Hugging Face safety models:

secure-hulk scan --use-huggingface-guardrails --huggingface-api-token YOUR_HF_TOKEN /path/to/config.json

Options:

--use-huggingface-guardrails: Enable Hugging Face safety models for content detection
--huggingface-api-token <token>: Your Hugging Face API token
--huggingface-model <model>: Specific model to use (default: 'unit

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

17/100across 5 weighted dimensions

How we score →

0255075100

−83

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Secure Hulk safe to use?: Secure Hulk has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Secure Hulk?: Secure Hulk can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Secure Hulk?: Secure Hulk is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is Secure Hulk actively maintained?: Secure Hulk is less actively maintained — last commit was 313 days ago. It has 7 GitHub stars.