Scan MCP Servers for Security Threats

Audit MCP servers for malicious tool definitions before installing

MCP servers can contain hidden instructions in tool descriptions that manipulate AI behavior. Scan them before adding to Claude.

Quick Start

# Scan an MCP server repo before installing
superagent scan --repo https://github.com/user/mcp-server

What It Detects

Hidden instructions in tool descriptions
Prompt injection in README/docs
Malicious default configurations
Data exfiltration patterns in tool implementations

Example Workflow

# 1. Find an MCP server you want to use
MCP_REPO="https://github.com/someone/cool-mcp-server"

# 2. Scan it first
superagent scan --repo $MCP_REPO

# 3. Review the report, then install if clean
claude mcp add cool-server -- npx -y cool-mcp-server

Programmatic Usage

import { createClient } from "safety-agent";

const client = createClient();

async function auditMcpServer(repoUrl: string) {
  const { result } = await client.scan({ repo: repoUrl });
  return result;
}

The result is a comprehensive natural language report that can be passed directly to a downstream model for interpretation or decision-making.

Environment Variables

SUPERAGENT_API_KEY - Required
DAYTONA_API_KEY - Required for sandbox execution

Providers

Supported LLM providers and configuration

Secure your RAG pipeline

Validate uploaded files before processing them in your RAG pipeline using Safety Agent Guard

On this page

Quick Start What It Detects Example Workflow Programmatic Usage Environment Variables