How to read this report
Key results
Scores vs counts — read this first
Scores are used for the Security Score, Area sub-scores, and the trend chart. Like a health rating: 100 = best, 0 = worst. These are not percentages and not “% of tests passed.”
Counts such as issues found (e.g. 21), severity rows (5 critical), checks run (20), and tools (6) are totals: how many items MCTS counted, not points out of 100.
Security Score
Security points · 0 = worst · 100 = best · Not a percentage
Grade —
—
Issues found
Each row is a separate security finding MCTS flagged.
| Severity | Count | Meaning |
|---|---|---|
| Total | 0 | |
Area sub-scores (security points)
Each value is points out of 100 for that area (100 = no findings in that bucket). They are not percentages and not the same formula as the main Security Score above.
Security checks (counts)
These numbers are how many checks ran or passed — not scores out of 100. Risk categories group related analyzers; a category fails if any analyzer in that group found issues.
Needs your attention
Start with Critical, then High severity items.
Checks that passed
Each check below ran with no matches — click for what was inspected and what “passed” means.
Security Posture Summary
Security Summary
Recommended Actions
Risk Score Breakdown
Security score over time
Points out of 100 per scan — not a percentage.
No scan history yet
Run mcts scan at least twice from the same project folder. History is stored in mcts_analysis/history.json.
Security score ranges
Where your score (points out of 100, not %) falls on the scale.
Issues to Fix
Every security problem MCTS found, sorted by severity. Fix Critical and High items first.
| Severity | Finding | Location | Technique | CWE | Category | OWASP | Affected Tool | Confidence | Remediation |
|---|---|---|---|---|---|---|---|---|---|
MCTS-T Technique Map
Regression technique coverage for this scan.
Tool Capability Matrix
Inferred capability flags per discovered MCP tool.
All Security Checks
Every analyzer MCTS ran — expand any card to see what it checked, OWASP mapping, and techniques.
Passed Checks
Passed = no pattern matches in this scan scope. Expand a card to see what was inspected and framework coverage.
Checks With Findings
Attack Paths
How tools could be chained together for a multi-step attack (read → exfiltrate, etc.).
Each arrow shows a possible step between tools.
OWASP Mapping
How findings map to OWASP LLM and MCP Top 10 categories.
OWASP LLM Top 10
Industry-standard categories for LLM application security.
OWASP MCP Top 10
MCP-specific risk categories — gaps mirror compliance meta-findings when analyzers did not cover a category.
How to Fix
Prioritized remediation steps — P1 is most urgent.
Raw Data
Full machine-readable scan JSON for automation and debugging.