Show HN: OSS MCP Security – Don't Blind Trust, Verify
10 days ago
- #MCP Security
- #AI Infrastructure
- #Vulnerability Detection
- Unified security framework for Model Context Protocol (MCP) servers to identify and prevent security risks.
- Quick Start Guide to get up and running in 3 minutes.
- Scanning capabilities with options to exclude test files, force fresh scans, and debug LLM responses.
- Security risks identified in MCP servers include command injection vulnerabilities, unrestricted URL fetches, and file leaks.
- Features include smart filtering, reduced false positives, DRY pattern management, cache control, and debug mode.
- Installation requires Python 3.11+, Git, and the uv package manager.
- Scan commands for GitHub repositories, local directories, and the whole system.
- Real-time monitoring, detailed reports, and test-file detection (so test code can be excluded from results).
- Common issues and troubleshooting steps for module-not-found errors, permission errors, and dashboard startup.
- Security threats categorized by severity (CRITICAL, HIGH, MEDIUM, LOW, MINIMAL) and type (COMMAND_INJECTION, DATA_EXFILTRATION, etc.).
- API usage examples for checking tools and scanning systems.
- Environment variables for configuration and custom policy creation.
- Performance metrics and future roadmap items.
- Open-source contribution guidelines and areas for improvement.
- License details and contact information for support.
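The three risk classes the summary names for MCP servers (command injection, unrestricted URL fetches, file leaks) and the type/severity labelling it describes can be illustrated with a small AST-based checker. The block below is an added example, not code from the OSS MCP Security project: the sink lists, the `UNRESTRICTED_URL_FETCH` and `FILE_LEAK` labels, the severity mapping and the sample MCP-style server source are all constructed for this demo. It shows why `shell=True` with a non-literal command is the signal for command injection, and why the argv-list form beside it is not flagged, which is the false-positive distinction a scanner has to get right.

```python
"""Added example (not the project's code): a minimal AST checker for the
MCP-server risk classes named on the page, tagging each finding with a
type and a severity label in the style the page describes."""

import ast
from dataclasses import dataclass

# Sink names are a hypothetical choice for this demo, not the project's list.
SHELL_SINKS = {"os.system", "subprocess.run", "subprocess.Popen",
               "subprocess.call", "subprocess.check_output"}
URL_SINKS = {"requests.get", "requests.post", "urllib.request.urlopen", "httpx.get"}
FILE_SINKS = {"open"}

# Severity mapping assumed for the demo (page lists CRITICAL/HIGH/MEDIUM/LOW/MINIMAL).
SEVERITY = {"COMMAND_INJECTION": "CRITICAL",
            "UNRESTRICTED_URL_FETCH": "HIGH",
            "FILE_LEAK": "HIGH"}


@dataclass(frozen=True)
class Finding:
    kind: str
    severity: str
    line: int
    detail: str


def _dotted(node: ast.AST) -> str:
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _is_constant(node: ast.AST) -> bool:
    """A literal (or tuple/list of literals) cannot carry tool input."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, (ast.Tuple, ast.List)):
        return all(_is_constant(e) for e in node.elts)
    return False


def _kwarg(call: ast.Call, name: str):
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def scan_source(src: str) -> list[Finding]:
    """Flag sinks whose first argument is not a compile-time constant.

    Syntactic approximation: any non-literal argument is treated as possibly
    derived from tool input. The shell=True requirement keeps the idiomatic
    argv-list subprocess form out of the command-injection results.
    """
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        target, first = _dotted(node.func), node.args[0]
        if _is_constant(first):
            continue
        if target in SHELL_SINKS:
            shell = _kwarg(node, "shell")
            # os.system always uses a shell; subprocess only with shell=True
            if target == "os.system" or (isinstance(shell, ast.Constant) and shell.value is True):
                findings.append(Finding("COMMAND_INJECTION", SEVERITY["COMMAND_INJECTION"],
                                        node.lineno, f"{target} with shell and non-constant command"))
        elif target in URL_SINKS:
            findings.append(Finding("UNRESTRICTED_URL_FETCH", SEVERITY["UNRESTRICTED_URL_FETCH"],
                                    node.lineno, f"{target} with caller-controlled URL"))
        elif target in FILE_SINKS:
            findings.append(Finding("FILE_LEAK", SEVERITY["FILE_LEAK"],
                                    node.lineno, f"{target} with caller-controlled path"))
    findings.sort(key=lambda f: f.line)
    return findings


def worst_severity(findings: list[Finding]) -> str:
    order = ["MINIMAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
    return max((f.severity for f in findings), key=order.index, default="MINIMAL")


# Constructed sample of an MCP-style tool module (no MCP SDK needed to parse it).
SAMPLE_SERVER = '''
import os, subprocess, requests

def run_ping(host: str) -> str:
    # vulnerable: host is interpolated into a shell command line
    return subprocess.check_output(f"ping -c 1 {host}", shell=True).decode()

def run_ping_safe(host: str) -> str:
    # hardened: argv list, no shell, so metacharacters in host are inert
    return subprocess.check_output(["ping", "-c", "1", host]).decode()

def fetch(url: str) -> str:
    # vulnerable: any URL, including internal metadata endpoints, is reachable
    return requests.get(url, timeout=5).text

def read_note(name: str) -> str:
    # vulnerable: path traversal leaks arbitrary files
    return open(name).read()

def version() -> str:
    return subprocess.check_output(["git", "describe"]).decode()
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SERVER):
        print(f"{f.severity:8} {f.kind:22} line {f.line}: {f.detail}")
```

Running the block reports `run_ping`, `fetch` and `read_note` and stays silent on `run_ping_safe` and `version`. A real scanner would add data-flow tracking from tool parameters and an allowlist check on URLs rather than this literal-or-not heuristic, but the sink-plus-non-constant-argument rule is the starting point for each of the three classes.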