The Test Matrix · 27 checks

Everything we look for, in one table.

Six attack surfaces. 27 deterministic checks per scan. Each finding comes with a rule ID, severity, the exact payload we used as evidence, and a remediation hint — no LLM in the hot path, no black box.

01

Black-box, non-destructive

Real payloads against your live server — but we never write, delete, or persist anything. Path-traversal probes read; we don't mutate state.

02

Pattern + protocol-aware

We speak JSON-RPC 2.0 natively, enumerate every tool, classify by capability, then fire targeted payloads at each parameter that looks risky.

03

Honest about uncertainty

If a probe can't run (timeout, blocked, no response) we tell you. Operational findings are separate from security findings and never affect your score.

01

Authentication & Access Control

4 tests

| ID | Test | Severity | What it checks |
|---|---|---|---|
| A01 | Unauthenticated Access | Critical | Tools accessible without any credentials |
| A02 | Default Credentials | Critical | Weak tokens: 'test', 'default', 'admin', 'password' |
| A03 | Missing Auth Config | High | No authentication mechanism configured |
| A04 | Excessive Tool Exposure | Medium | >20 tools exposed — large attack surface |
02

Transport Security

3 tests
03

Injection Attacks

5 tests
04

Tool Risk Analysis

8 tests
05

Rate Limiting

1 test
06

Config / stdio Analysis

6 tests
Scoring

One number. One letter. Honest.

The formula is weighted by severity and published. No black box, no “security score” marketing points — just a transparent rubric.

FORMULA
score = 100
  − critical × 40
  − high     × 15
  − medium   ×  5
  − low      ×  1
# floor at 0, ceil at 100

Every severity has a weight. One critical is enough to pull you below a B. Three criticals and you're failing. This is intentional — MCP servers run with privileged access, and the blast radius is asymmetric.
| Grade | Score | Meaning |
|---|---|---|
| A | 90–100 | Excellent — minimal risk. Ship it. |
| B | 80–89 | Good — minor issues, fix before production. |
| C | 70–79 | Fair — needs attention, review findings. |
| D | 50–69 | Poor — significant risks. Do not expose. |
| F | 0–49 | Failing — critical vulnerabilities present. |
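The rubric above, carried through in code as an added example (not the scanner's own implementation): it applies the published weights, floors at 0 and caps at 100, maps the result to a letter band, and keeps operational findings (timeouts, blocked probes) out of the score as the page states. The `Finding` class, the `operational` flag and the sample findings list are constructed for this illustration.

```python
"""Worked example of the published scoring rubric (constructed, not the scanner's code)."""
from dataclasses import dataclass

# Severity weights exactly as published in the FORMULA block.
WEIGHTS = {"critical": 40, "high": 15, "medium": 5, "low": 1}

# Letter bands as published, each with its inclusive lower bound.
GRADE_BANDS = [("A", 90), ("B", 80), ("C", 70), ("D", 50), ("F", 0)]


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str              # "critical" | "high" | "medium" | "low"
    operational: bool = False  # probe could not run; reported, but never scored


def score(findings):
    """Start at 100, subtract weighted security findings, clamp to 0..100."""
    deductions = sum(WEIGHTS[f.severity] for f in findings if not f.operational)
    return max(0, min(100, 100 - deductions))


def grade(points):
    """Map a clamped score to its letter band (first band whose floor it meets)."""
    for letter, floor in GRADE_BANDS:
        if points >= floor:
            return letter
    raise ValueError(f"score out of range: {points}")


def report(findings):
    """Return the (score, grade) pair a scan summary would show."""
    points = score(findings)
    return points, grade(points)


# Constructed sample: two real deductions from the A-series table, plus one
# hypothetical operational entry (probe timed out) that must not move the score.
SAMPLE = [
    Finding("A02", "critical"),
    Finding("A04", "medium"),
    Finding("A03", "high", operational=True),
]

if __name__ == "__main__":
    points, letter = report(SAMPLE)
    print(f"score={points} grade={letter}")  # 100 - 40 - 5 = 55 -> D
```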
Stop wondering

Know what your MCP servers actually expose.

Get in touch hello@mcpscanner.dev
For bugs, please open an issue on GitHub.