Is your MCP server secure?

Professional security audit for Model Context Protocol servers. Tool poisoning, SSRF, injection, and compliance — checked in one scan.


From the researchers who found 20 vulnerabilities in Microsoft's MCP servers

We scanned 50 of the most popular MCP servers. 9 had security findings. Yours might too.

What You Get

Tool Description Analysis

Every tool scanned for poisoning indicators — hidden instructions, zero-width characters, cross-server manipulation.

Injection Testing

SQL injection, command injection, path traversal, SSRF — tested against every tool parameter.

Risk Score

0-100 risk score with industry benchmark comparison. Know where you stand vs. other MCP servers.

Fix Guidance

Specific remediation for each finding — code-level fixes, not generic advice.

Compliance Check

EU AI Act readiness assessment for your MCP tool descriptions and data handling.

Professional Report

Shareable PDF report for your team, management, or compliance documentation.

How It Works

1. Submit your repo

Paste your MCP server's GitHub URL after checkout.

2. We scan it

Static analysis of every tool definition, parameter, and description. No code execution — read-only.

3. Get your report

Delivered to your email within 24 hours. Risk score, findings, fixes, benchmarks.

Pricing

Continuous

$99/month
  • Everything in Single Audit
  • Re-scan on every commit
  • Slack/email alerts on new findings
  • Monthly trend report
  • Priority support

Track Record

20 vulnerabilities found in Microsoft's MCP servers

Including CVSS 9.8 SQL injection, 7 SSRF variants, and credential theft. All reported to MSRC.

Path traversal in HuggingFace Transformers

Sharded model index allows loading files outside model directory. Reported to HuggingFace security.

50+ MCP servers scanned

Baseline security data across the most popular MCP servers in the ecosystem.

Open-source tools on PyPI

ai-injection-guard (300+ downloads/mo) · mcp-security-audit (200+ downloads/mo)