SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context Protocol (MCP)](https://modelcontextprotocol.io/introduction). It proactively identifies threats like OAuth token leakage, prompt injection vulnerabilities, rogue MCP servers, and tool poisoning attacks.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"securemcp": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
SecureMCP is a comprehensive security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the Model Context Protocol (MCP). It proactively identifies threats like OAuth token leakage, prompt injection vulnerabilities, rogue MCP servers, and tool poisoning attacks.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP server for Atomic Red Team
MCP Security Weekly
Get CVE alerts and security updates for SecureMCP and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
SecureMCP is a comprehensive security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the Model Context Protocol (MCP). It proactively identifies threats like OAuth token leakage, prompt injection vulnerabilities, rogue MCP servers, and tool poisoning attacks.
git clone https://github.com/makalin/SecureMCP.git
cd SecureMCP
make build
docker pull makalin/SecureMCP
# Basic scan
./securemcp scan --target https://your-mcp-server.com
# Scan with specific options
./securemcp scan --target https://your-mcp-server.com \
--scan-oauth \
--scan-prompt-injection \
--scan-authentication \
--timeout 30s
# Generate HTML report
./securemcp scan --target https://your-mcp-server.com --report html
# Generate JSON report
./securemcp scan --target https://your-mcp-server.com --report json
import "github.com/makalin/SecureMCP/internal/scanner"
// Create scanner instance
scanner := scanner.NewScanner()
// Basic scan
results, err := scanner.Scan("https://your-mcp-server.com")
// Scan with options
options := &scanner.ScanOptions{
ScanOAuth: true,
ScanPromptInjection: true,
ScanAuthentication: true,
TestPrompt: "your test prompt",
Timeout: 30 * time.Second,
}
results, err := scanner.ScanWithOptions(target, options)
import "github.com/makalin/SecureMCP/internal/report"
// Create report generator
generator := report.NewReportGenerator("reports")
// Generate report
report, err := generator.GenerateReport(target, results)
// Save as HTML
err = generator.SaveReport(report, "html")
// Save as JSON
err = generator.SaveReport(report, "json")
$ ./securemcp scan --target https://example-mcp-server.com
[+] Scanning Target: https://example-mcp-server.com
[!] Token storage vulnerability detected
[!] Prompt Injection vulnerability found in tool 'AutoSummary'
[!] Insecure authentication method detected
[+] Report saved to /reports/scan_2024_03_14_15_30_45.html
The HTML report includes:
{
"target": "https://example-mcp-server.com",
"scan_time": "2024-03-14T15:30:45Z",
"vulnerabilities": [
{
"type": "OAuth Token Vulnerability",
"severity": "high",
"description": "Token storage vulnerability detected",
"location": "https://example-mcp-server.com",
"remediation": "Implement secure token storage and proper
... [View full README on GitHub](https://github.com/makalin/SecureMCP#readme)