MCPSafe
Sign InGet Started
DocumentationGetting Started

Getting Started with MCPSafe

Learn how to scan MCP servers for security vulnerabilities

MCPSafe is the security scanner and quality registry for Model Context Protocol (MCP) servers. MCP servers extend AI assistants like Claude with capabilities like file access, database queries, and API calls. These powerful integrations require careful security review - that's where MCPSafe comes in.

What is MCPSafe?

MCPSafe provides automated security analysis for MCP servers across the ecosystem. We scan source code from npm, PyPI, and GitHub to identify security vulnerabilities before they can be exploited.

20,000+

Servers Indexed

50+

Security Rules

1,200+

CVEs Detected

Quick Start

Get up and running with MCPSafe in just a few steps.

1

Create an Account

Sign up for free to access all scanning features

Sign Up
2

Submit a Server

Enter a GitHub, npm, or PyPI URL to scan

Scan Server
3

Review Results

View detailed security analysis and recommendations

View Example
4

Add Badge

Display your security grade in your README

Learn More

Core Concepts

Understanding these key concepts will help you get the most out of MCPSafe.

Security Scanning

Automated static analysis that checks MCP server source code for vulnerabilities like command injection, path traversal, SSRF, and more.

Security Grades

Servers receive grades from A+ to F based on vulnerability severity and count. A-grade servers have no critical or high-severity issues.

Quality Scores

Beyond security, we evaluate documentation quality, test coverage, TypeScript usage, and maintenance activity.

Watchlist

Monitor specific servers and get notified when new vulnerabilities are discovered or security scores change.

Alerts

Real-time notifications via email, Slack, or webhooks when security issues are found in your watched servers.

CI/CD Integration

Integrate MCPSafe into your build pipeline with our GitHub Action or CLI tool to catch issues before deployment.

Your First Scan

There are three ways to scan an MCP server with MCPSafe. Choose the method that works best for your workflow.

Using the CLI

Install our CLI tool to scan servers from your terminal

# Install the MCPSafe CLI
npm install -g @mcpsafe/cli

# Scan a local MCP server
mcpsafe scan ./my-mcp-server

# Scan a remote package
mcpsafe check @modelcontextprotocol/server-filesystem

# Output as JSON
mcpsafe scan ./ --format json

Try it without an account

You can browse our registry and view scan results for public servers without creating an account. To scan your own servers or use the API, you'll need to sign up for free.

Understanding Results

Security Grades

Every scanned server receives a security grade from A+ to F based on the vulnerabilities found:

GradeScore RangeMeaning
A+95-100No vulnerabilities found
A90-94Only informational findings
B80-89Low severity issues only
C70-79Some medium severity issues
D60-69High severity vulnerabilities
F0-59Critical vulnerabilities present

What We Scan For

MCPSafe checks for 50+ security rules across multiple categories:

Command Injection

critical
  • exec() with user input
  • spawn() with shell: true
  • eval() usage
  • Function() constructor

Path Traversal

high
  • Unsanitized path.join()
  • User-controlled fs operations
  • Directory traversal patterns

SSRF

high
  • User-controlled fetch URLs
  • Internal IP access
  • DNS rebinding

Authentication

critical
  • Hardcoded credentials
  • API keys in source
  • Missing auth handlers
View all security rules

Next Steps

API Reference

Integrate MCPSafe into your applications with our REST API.

Security Badges

Display your security grade in your README with embeddable badges.

CI/CD Integration

Add security scanning to your GitHub Actions or GitLab CI pipeline.

Browse Registry

Explore 20,000+ indexed MCP servers and their security scores.

Ready to secure your MCP servers?

Create a free account and run your first scan in under a minute.

Browse RegistryGet Started Free
Documentation HomeAPI Reference