mcp-security-scan
Scans MCP servers, tools, prompts, and resources for security vulnerabilities using YARA rules, LLM analysis, and Cisco AI Defense API. Use this skill when the user wants to check MCP servers for security issues, detect prompt injection, tool poisoning, or analyze MCP configurations for threats.
Install
mkdir -p .claude/skills/mcp-security-scan && curl -L -o skill.zip "https://mcp.directory/api/skills/download/6666" && unzip -o skill.zip -d .claude/skills/mcp-security-scan && rm skill.zipInstalls to .claude/skills/mcp-security-scan
About this skill
MCP Security Scanning
When the user asks to scan MCP servers or check for security issues in MCP configurations, use the uv run mcp-scanner CLI tool. This tool detects prompt injection, tool poisoning, command injection, data exfiltration, and other MCP-specific threats.
Important: Always run mcp-scanner using uv run mcp-scanner to ensure proper dependency management.
Threat Types Detected
- Prompt Injection: Malicious instructions embedded in tool descriptions or prompts
- Tool Poisoning: Tools that claim to do one thing but actually perform malicious actions
- Command Injection: Tools that execute arbitrary system commands
- Data Exfiltration: Tools that leak sensitive data to external endpoints
- Privilege Escalation: Tools that request excessive permissions
- Cross-Origin Attacks: Tools that access unauthorized resources
- Behavioral Mismatches: Discrepancies between documented and actual tool behavior
Analyzers
| Analyzer | Description | Requirements | Best For |
|---|---|---|---|
yara | Fast pattern-based detection using YARA rules | None | Quick scans, CI/CD pipelines |
llm | LLM-powered semantic analysis | MCP_SCANNER_LLM_API_KEY | Deep analysis, prompt injection detection |
api | Cisco AI Defense API | MCP_SCANNER_API_KEY | Enterprise-grade threat detection |
Combine analyzers: --analyzers yara,llm,api for comprehensive scanning.
Scanning Modes
1. Remote MCP Server
Scan tools on a remote SSE or streamable HTTP MCP server:
# Basic scan
uv run mcp-scanner --analyzers yara remote --server-url https://mcp.example.com/mcp
# With authentication
uv run mcp-scanner --analyzers yara remote --server-url https://mcp.example.com/mcp --bearer-token "$TOKEN"
# With custom headers (e.g., MCP Gateway dual-token auth)
uv run mcp-scanner --analyzers yara remote --server-url https://gateway.example.com/mcp \
--header "Authorization: Bearer ingress-token" \
--header "X-Egress-Auth: Bearer egress-token"
2. Known Config Locations
Scan well-known MCP config paths (Windsurf, Cursor, Claude Desktop, VS Code):
# Quick summary scan
uv run mcp-scanner --scan-known-configs --analyzers yara --format summary
# Detailed scan
uv run mcp-scanner --scan-known-configs --analyzers yara --format detailed
# With authentication for remote servers in configs
uv run mcp-scanner known-configs --bearer-token "$TOKEN" --analyzers yara
Config locations scanned:
~/.codeium/windsurf/mcp_config.json(Windsurf)~/.cursor/mcp.json(Cursor)~/Library/Application Support/Claude/claude_desktop_config.json(Claude Desktop on macOS)- VS Code MCP settings
3. Specific Config File
Scan a specific MCP configuration file:
uv run mcp-scanner config --config-path /path/to/mcp_config.json --analyzers yara --format detailed
4. Stdio MCP Server
Launch and scan a stdio-based MCP server:
# Using uvx
uv run mcp-scanner stdio --stdio-command uvx \
--stdio-arg=--from --stdio-arg=mcp-server-fetch --stdio-arg=mcp-server-fetch \
--analyzers yara --format summary
# Scan specific tool only
uv run mcp-scanner stdio --stdio-command uvx \
--stdio-arg=--from --stdio-arg=mcp-server-fetch --stdio-arg=mcp-server-fetch \
--stdio-tool fetch --analyzers yara
# With environment variables
uv run mcp-scanner stdio --stdio-command python --stdio-arg=server.py \
--stdio-env API_KEY=secret --analyzers yara
5. Prompts
Scan MCP server prompts for prompt injection and manipulation:
# Scan all prompts
uv run mcp-scanner --analyzers llm prompts --server-url http://127.0.0.1:8000/mcp
# Scan specific prompt
uv run mcp-scanner --analyzers llm prompts --server-url http://127.0.0.1:8000/mcp --prompt-name "greet_user"
# Table format output
uv run mcp-scanner --analyzers llm --format table prompts --server-url http://127.0.0.1:8000/mcp
6. Resources
Scan MCP server resources for malicious content:
# Scan all resources
uv run mcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp
# Scan specific resource
uv run mcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp \
--resource-uri "file://test/document.txt"
# Filter by MIME types
uv run mcp-scanner --analyzers llm resources --server-url http://127.0.0.1:8000/mcp \
--mime-types "text/plain,text/html,application/json"
7. Server Instructions
Scan server instructions from InitializeResult for prompt injection and misleading guidance:
uv run mcp-scanner instructions --server-url http://127.0.0.1:8000/mcp
# With LLM for semantic analysis
uv run mcp-scanner --analyzers llm instructions --server-url http://127.0.0.1:8000/mcp
8. Behavioral Code Analysis
Analyze MCP server source code to detect mismatches between documentation and implementation:
# Scan a single file
uv run mcp-scanner behavioral /path/to/mcp_server.py
# Scan a directory
uv run mcp-scanner behavioral /path/to/mcp_servers/
# With specific output format
uv run mcp-scanner behavioral /path/to/mcp_server.py --format by_severity
# Save results to file
uv run mcp-scanner behavioral /path/to/mcp_server.py --output results.json --format raw
Detects:
- Functions that claim to read but actually write
- Hidden network calls not mentioned in documentation
- Credential harvesting disguised as helper functions
- Data exfiltration in seemingly benign operations
9. Static/Offline Scanning (CI/CD Mode)
Scan pre-generated JSON files without connecting to a live server:
# Scan tools JSON (YARA-only, no API keys needed)
uv run mcp-scanner --analyzers yara --format summary static --tools /path/to/tools.json
# Scan prompts JSON
uv run mcp-scanner --analyzers llm static --prompts /path/to/prompts.json
# Scan resources JSON
uv run mcp-scanner --analyzers llm static --resources /path/to/resources.json
# Scan all types at once
uv run mcp-scanner --analyzers yara,llm,api --format detailed static \
--tools /path/to/tools.json \
--prompts /path/to/prompts.json \
--resources /path/to/resources.json
Expected JSON format:
{
"tools": [
{
"name": "tool_name",
"description": "Tool description",
"inputSchema": { "type": "object", "properties": {} }
}
]
}
Output Formats
| Format | Description | Use Case |
|---|---|---|
summary | Concise overview with key findings | Quick checks |
detailed | Comprehensive analysis with full breakdown | Investigation |
table | Clean tabular format | Reports |
by_severity | Results grouped by severity level | Prioritization |
raw | Raw JSON output | Automation/CI |
Environment Variables
Core Configuration
# Cisco AI Defense API (for api analyzer)
export MCP_SCANNER_API_KEY="your_cisco_api_key"
export MCP_SCANNER_ENDPOINT="https://us.api.inspect.aidefense.security.cisco.com/api/v1"
LLM Configuration
# OpenAI
export MCP_SCANNER_LLM_API_KEY="your_openai_api_key"
export MCP_SCANNER_LLM_MODEL="gpt-4o"
# Azure OpenAI
export MCP_SCANNER_LLM_BASE_URL="https://your-resource.openai.azure.com/"
export MCP_SCANNER_LLM_API_VERSION="2024-02-01"
export MCP_SCANNER_LLM_MODEL="azure/gpt-4"
# AWS Bedrock Claude
export AWS_PROFILE="your-profile"
export AWS_REGION="us-east-1"
export MCP_SCANNER_LLM_MODEL="bedrock/anthropic.claude-sonnet-4-5-20250929-v2:0"
# Local LLM (Ollama, vLLM, LocalAI)
export MCP_SCANNER_LLM_API_KEY="test" # Required but can be any value
export MCP_SCANNER_LLM_ENDPOINT="http://localhost:11434"
# Extended thinking models (longer timeout)
export MCP_SCANNER_LLM_TIMEOUT=300
Severity Levels
- HIGH: Critical security issues requiring immediate attention
- MEDIUM: Potential security concerns that should be reviewed
- LOW: Minor issues or informational findings
- SAFE: No security issues detected
Best Practices
- Start with YARA: Use
--analyzers yarafor quick initial scans (no API keys needed) - Add LLM for depth: Include
llmanalyzer for semantic analysis of suspicious tools - Use detailed format: Use
--format detailedwhen investigating findings - CI/CD integration: Use static scanning with
--format rawfor pipeline integration - Scan before install: Always scan new MCP servers before adding to your configuration
- Regular rescans: Periodically rescan existing configurations for new threats
Example Workflow
# 1. Quick scan of all local configs
uv run mcp-scanner --scan-known-configs --analyzers yara --format summary
# 2. If issues found, run detailed scan
uv run mcp-scanner --scan-known-configs --analyzers yara,llm --format detailed
# 3. For new server, scan before installing
uv run mcp-scanner --analyzers yara,llm remote --server-url https://new-mcp-server.com/mcp
# 4. For MCP server code you're reviewing
uv run mcp-scanner behavioral ./mcp-server-source/ --format by_severity
More by cisco-ai-defense
View all skills by cisco-ai-defense →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
Google MapsFind official MCP servers for Google Maps. Explore resources to build, integrate, and extend apps with Google directions
Google Cloud Compute EngineExplore MCP servers for Google Compute Engine. Integrate model context protocol solutions to streamline GCE app developm
Google Kubernetes Engine (GKE)Explore Google Kubernetes Engine (GKE) MCP servers. Access resources and examples for context-aware app development in G
Supercharge your NextJS projects with AI-powered tools for diagnostics, upgrades, and docs. Accelerate development and b
CoolifyCoolify is a robust application deployment tool and deployment software for managing servers, applications, and team res
Generate Custom MCPsGenerate Custom MCPs lets you create tailored MCP servers easily using the MCP SDK to automate AI tool setup and resourc
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.