Secure Your MCP Servers Before Attackers Exploit

Q: What is the Enkrypt AI MCP Scanner?

An automated security tool that scans MCP (Model Context Protocol) servers for vulnerabilities using agentic static analysis techniques to detect command injection, path traversal, prompt injection, code injection, and other security risks.

Q: How long does a scan take?

Small repositories (1-5 tools) take less time than larger projects (10+ tools). Average scan time is under 5 minutes.

Q: What types of vulnerabilities can the scanner detect?

The scanner detects Prompt Injection, Command Injection, Code Injection, Path Traversal, Data Exfiltration, Resource Exhaustion, and Server Configuration issues.

Q: What do the severity ratings mean?

Critical (9.0+): Immediate action required. High (7.0-8.9): Significant risk. Medium (4.0-6.9): Moderate risk. Low (0-3.9): Minor issues.

Q: Can I scan any MCP server?

The scanner supports GitHub repos, npm packages, or remote endpoints. Remote MCPs are not currently supported.

Q: What if my scan fails or finds no tools?

If your scan fails or finds no tools, contact support for assistance with remote MCP server scanning.

Q: Is my scan data public?

Yes. Scan results are displayed in the public MCP Hub (repository name, URL, vulnerabilities, severity) to help the community identify secure MCP servers.

Q: How can I improve my MCP server's security score?

Each vulnerability includes detailed descriptions, specific line numbers and remediation recommendations. Fix the issues and submit a new scan to improve your score.

Q: Why Code Scanning is not sufficient?

Traditional code scanning tools aren't built for MCP's unique architecture. They catch basic issues like SQL injection or XSS, but miss LLM-driven exploits, prompt injection attacks, authorization gaps, adversarial prompts, protocol-level vulnerabilities, and resource exhaustion that are specific to MCP servers.

Q: How can I integrate the scanner into my CI/CD pipeline?

You can automate security scanning for every commit or release in your development workflow. Configure your CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, etc.) to automatically submit your repository for scanning whenever code changes are pushed or a new version is released. Contact hello@enkryptai.com for details.

Comprehensive security scanning for Model Context Protocol servers. Detect vulnerabilities, misconfigurations, and security risks across your MCP infrastructure.

Start Free Scan

View Sample Report

1000+

MCP Servers Scanned

4000+

Tools Analyzed

1000+

Vulnerabilities Found

Industry Recognition

Sample Scanned MCP Servers

mcp-server-browser

Critical

11 Issues

The Open-Source Multimodal AI Agent Stack: Connecting Cutting-Edge AI Models and Agent Infra

ServerURL: https://www.npmjs.com/package/@agent-infra/mcp-server-browser

npm

feiskyer/mcp-kubernetes-server

Critical

5 Issues

A Model Context Protocol (MCP) server that enables AI assistants to interact with Kubernetes clusters.

ServerURL: https://github.com/feiskyer/mcp-kubernetes-server

GitHub

dynatrace-mcp-server

High

11 Issues

MCP server for Dynatrace Observability

ServerURL: https://www.npmjs.com/package/
@dynatrace-oss/dynatrace-mcp-server-server-browser

npm

googleapis/gcloud-mcp

Medium

4 Issues

gcloud MCP server

ServerURL: https://github.com/googleapis/gcloud-mcpr-browser

GitHub

baidu-maps/mcp

Medium

4 Issues

Baidu Map MCP Server

ServerURL: https://github.com/baidu-maps/mcp

GitHub

gemini-mcp-tool

Low

0 Issues

MCP server that enables AI assistants to interact with Google Gemini CLI.

ServerURL: https://www.npmjs.com/package/gemini-mcp-tool

npm

datadog-mcp-server

Low

0 Issues

datadog-mcp-server

ServerURL: https://www.npmjs.com/package/datadog-mcp-server

npm

GLips/Figma-Context-MCP

Low

0 Issues

GLips/Figma-Context-MCP

ServerURL: https://github.com/GLips/Figma-Context-MCP

GitHub

1000s of MCP's scanned

Why Scan Your MCP?

Real Attacks Are Already Happening

Researchers discovered a fake postmark-mcp server—a backdoored server that silently exfiltrated every email. It worked perfectly. Users had no idea they were compromised.

Agents = Attack Surface

MCP servers give AI agents filesystem, database, and shell access. One vulnerability means full system compromise—not just your app, but everything it touches.

Tool Descriptions Hide Deadly Flaws

A tool claiming "safe file access" can still harbor path traversal bugs. Code analysis reveals what metadata can't—like CVE-2025-6514's RCE vulnerability hiding in plain sight.

Compliance & Trust

Security audits are required for SOC 2, ISO 27001, and enterprise adoption. Scan once, deploy with confidence.

Comprehensive Scanning Coverage

Our scanner checks for the most critical vulnerabilities in MCP servers

1. Code Security

Static analysis for injection, traversal, IDOR, and DoS vulnerabilities

2. Config Audits

Check for least-privilege, sandboxing, timeouts, and auth issues

3. Tool Scanning

Detect hidden tool injections, prompt injection and rug-pull behavior in MCP tools

4. Network Security

Flag SSRF, weak TLS, open ports, and missing timeouts

How MCP Scanner Works

Simple 3-step process to secure your MCP infrastructure

1. Submit Your Server

Provide your MCP server source via GitHub repo, npm package, or remote endpoint

GitHub

npm

Remote

2. Automated Scanning

Check for least-privilege, prompt injection, sandboxing, timeouts, and auth issues

Config check

Code security

Tool scan

Network tests

3. Get Detailed Report

Receive actionable insights with severity scores, impact analysis, and fix recommendations

Critical Issues Highlighted

Start Free Scan

Learn More

Process Overview

Sample Scan Report

See what our scanner found in a real MCP server

Scan Your MCP Server for Free

Get a comprehensive security assessment in minutes

100% Secure

We only scan publicly accessible repositories. No credentials required. Your code remains private.

Oops! Something went wrong while submitting the form.

MCP Scan Request Successful

Email: -

URL : -

Result link also shared to your email,
results will be ready in 10 mins

Error : -

Back to Home

Your MCP Report

FAQ’s

Everything you need to know about the Enkrypt AI MCP Scanner

1. What is the Enkrypt AI MCP Scanner?

An automated security tool that scans MCP (Model ContextProtocol) servers for vulnerabilities using agentic static analysis techniques to detect command injection, path traversal, prompt injection, code injection, and other security risks.

2. How long does a scan take?

Small repositories(1-5 tools): <2 minutes.
Larger projects (10+ tools):~5-7 minutes.
You'll receive email notifications when your scan starts and completes.

3. What types of vulnerabilities can the scanner detect?

Prompt Injection- Attackers can manipulate the MCP tool outputs to makeyour MCP client/server to performunintended actions or leaksensitive information by crafting malicious inputtext.The scanner can identify various vulnerabilities, including Prompt Injection, Command Injection, Code Injection, Path Traversal, Data Exfiltration, Resource Exhaustion, and Server Configuration issues.
Command Injection- Attackers can execute arbitrary system commands on your server byinserting malicious code into userinputs, potentially taking fullcontrol of your system.The scanner can identify various vulnerabilities, including Prompt Injection, Command Injection, Code Injection, Path Traversal, Data Exfiltration, Resource Exhaustion, and Server Configuration issues.
Code Injection- Similar to command injection, but allowsattackers to inject and execute malicious code directly withinyour application, compromising its functionalityand security.The scanner can identify various vulnerabilities, including Prompt Injection, Command Injection, Code Injection, Path Traversal, Data Exfiltration, Resource Exhaustion, and Server Configuration issues.
Path Traversal- Attackers can accessfiles and directories outside the intended scope by manipulating file paths(e.g., using "../" sequences), potentially exposing sensitive data.
Data Exfiltration- Vulnerabilities that allow unauthorized extraction of sensitive data from your system, suchas API keys, user information, or confidential files.
Resource Exhaustion- Missing safeguards thatprevent attackers from overwhelming your server with excessive requestsor operations, causing crashes or denial of service.
Server Configuration- Insecure MCP server settings like exposed endpoints, weak authentication, or improper permissions that make your server vulnerable to attacks.

4. What do the severity ratings mean?

Critical(9.0+): Immediate risk, fix urgently
High(7.0-8.9): Serious issues, fix soon
Medium(4.0-6.9): Moderate risks
Low(0-3.9): Minor issues

5. Can I scan any MCP server?

You can scan GitHub repositories (public only) and npm packages in Python, JavaScript, or TypeScript. Remote MCPs are not currently supported- only source code can be scanned.

6. What if my scan fails or finds no tools?

Common reasons: no MCP server code found, unsupported language, non-standard implementation, or remote MCP server(not supported). You'll receive error details via email.

7. Is my scan data public?

Yes. Scan results are displayed in the public MCP Hub (repository name, URL, vulnerabilities, severity) to help the community identify secure MCP servers.

8. How can I improve my MCP server's security score?

Each vulnerability includes detailed descriptions, specific line numbers and remediation recommendations. Fix the issues and submit a new scan to improve your score.

9. Why Code Scanning is not sufficient

Traditional code scanning tools aren't built for MCP's unique architecture. They catch basic issues like SQL injection or XSS, but miss the vulnerabilities that actually matter in MCP servers.

What traditional scanners miss:

LLM-driven exploits- A file operation might use proper path joining, but scanners won't detect when an LLM can manipulate inputsto access files outside the intended scope
Prompt injection attacks- Malicious instructions embedded in data sources thattrick agents into executing unintended commands fly under the radar
Authorization gaps- Tool descriptions claim"user-scoped access" but code never validates ownership. Standard scanners check syntax, not semantic security promises
Adversarial prompts- Resource exhaustion triggered by carefully crafted inputs that cause infinite loops in tool execution
Protocol-level vulnerabilities- Traditional scanners can't parse MCP's JSON-RPC protocol to understand the gap between what a tool claims to do versus what it actually does
Resource Exhaustion- Missing safeguards thatprevent attackers from overwhelming your server with excessive requestsor operations, causing crashes or denial of service.
Server Configuration- Insecure MCP server settings like exposed endpoints, weak authentication, or improper permissions that make your server vulnerable to attacks.

That gap between tool descriptions and actual implementation? That's where the real vulnerabilities hide. MCP servers need security tools that understand AI agent behavior patterns, prompt injection vectors, and the unique trust boundaries that emerge when LLMs orchestrate system access. Generic static analysis just doesn't cut it.

10. How can I integrate the scanner into my CI/CD pipeline?

You can automate security scanning for every commit or release in your development workflow. Configure your CI/CD pipeline (GitHub Actions, GitLab CI, Jenkins, etc.) to automatically submit your repository for scanning whenever code changes are pushed or a new version is released.

For integration details, please contact us on hello@enkryptai.com.This approach helps you catch security issues early in development, preventing vulnerable code from reaching production. If critical vulnerabilities are detected, you can configure your pipeline to block the deployment until the issues are resolved, ensuring only secure code makes it to your users.