Open Source Security Tool

mcp-safeguard

The security scanner for MCP servers — detect prompt injection, exposed credentials, endpoint risks, and tool poisoning before they reach production.

$ pip install mcp-safeguard
GitHub Stars PyPI version License
15+ Injection Rules
17 Credential Patterns
28 Endpoint Probes
73 Tests
CVSS Severity Scoring

What it catches

Four critical attack surfaces scanned automatically on every run.

💉

Prompt Injection Detection

Identifies tool descriptions, parameter names, and response bodies that attempt to hijack LLM behavior through embedded instructions.

15+ rules
🔑

Credential Scanning

Detects hardcoded API keys, tokens, passwords, and secrets across tool schemas and server responses before they leak to users.

17 patterns
🌐

Endpoint Exposure

Probes for unauthenticated admin routes, debug endpoints, and over-permissive CORS policies that attackers can pivot through.

28 probes
☠️

Tool Poisoning

Catches maliciously crafted tool definitions that abuse agent trust to execute unauthorized actions or exfiltrate data silently.

CVSS scored

Get started in 60 seconds

Install, point, scan.

1

Install from PyPI

pip install mcp-safeguard
2

Run a scan against your MCP server

mcp-safeguard scan http://localhost:8000
3

Review findings with CVSS scores

Results are printed to stdout and optionally exported as JSON or SARIF for CI integration.

mcp-safeguard scan http://localhost:8000 --output report.json