Free · No signup · GDPR-compliant · Built in Germany
MCPSafe is an independent security project focused on making the Model Context Protocol (MCP) ecosystem safer for developers and organizations. We are based in Germany and operate under GDPR-compliant infrastructure.
We believe that security tooling for AI agent ecosystems should be:
- Free — accessible to every developer, not gated behind enterprise plans
- Transparent — results you can understand and act on
- Fast — scan in seconds, not days
MCPSafe scans MCP packages for security vulnerabilities before they reach your AI agents.
The MCP ecosystem is growing fast — and so is the attack surface. Malicious actors are already exploiting tool poisoning, typosquatting, and prompt injection to compromise AI agents running in production. MCPSafe catches these threats early.
| Threat | Description |
|---|---|
| Tool Poisoning | Malicious instructions hidden inside MCP tool descriptions — invisible to developers, but parsed and executed by LLM agents |
| Typosquatting | Fake packages with names nearly identical to popular ones, designed to trick developers into installing malicious code |
| Hardcoded Secrets | API keys, tokens, and credentials accidentally left in MCP package source code |
| Prompt Injection | Inputs crafted to hijack an agent's instructions and redirect its behavior |
Paste an MCP package name or repository URL into the scanner at mcpsafe.io. No account or API key required.
MCPSafe routes each scan through five independent large language models simultaneously. Each model independently analyzes the package for threats. Results are aggregated using a consensus algorithm — a vulnerability is only flagged when multiple models agree, dramatically reducing false positives.
Package → [LLM 1] ─┐
[LLM 2] ─┤
[LLM 3] ─┼─→ Consensus Engine → AIVSS Score → Report
[LLM 4] ─┤
[LLM 5] ─┘
Each finding is scored using AIVSS (AI Vulnerability Severity Score) — our scoring system that extends CVSS (Common Vulnerability Scoring System) with dimensions specific to agentic AI threats:
- Autonomy Impact — how much can this vulnerability affect autonomous agent decisions?
- Context Propagation — can the attack spread to connected tools or agents?
- Execution Reach — what resources can the compromised agent access?
AIVSS scores range from 0–10, with 7+ considered critical in an agentic context.
You receive a structured report showing each finding, its AIVSS score, the affected code or description snippet, and recommended remediation steps.
| Metric | Count |
|---|---|
| Packages scanned | 448+ |
| Vulnerabilities found | 5,210+ |
| Threat categories | 4 |
| Models in consensus engine | 5 |
MCP tool descriptions are text — and text is a powerful attack vector against LLMs. A developer installing an MCP server sees a name and description. An AI agent sees those same fields as executable context. This asymmetry is exactly what attackers exploit.
From our scan data: over 60% of scanned packages contain at least one detectable issue, ranging from leaked credentials to active prompt injection payloads embedded in tool descriptions.
No signup. No API key. Paste a package, get results.
MCPSafe is an open project. Contributions welcome:
- New threat signatures — open an issue describing the pattern
- False positive reports — help us tune the consensus engine
- Integrations — CI/CD plugins, IDE extensions, CLI tooling
Open an issue or start a discussion in this repository.
📧 hello@mcpsafe.io 🌐 https://mcpsafe.io 🐙 https://github.com/mcpsafe-gh
MCPSafe is independent and not affiliated with Anthropic or the Model Context Protocol project.