mcp-guard
Comprehensive security scanner for Model Context Protocol (MCP) servers
claude mcp add --transport stdio saravanaguhan-mcp-guard -- python -m mcp_guard
How to use
MCP Guard is a dedicated security assessment tool for MCP servers. It analyzes MCP server implementations through static analysis, dynamic testing, and vulnerability scoring, producing structured reports that help identify protocol, input validation, configuration, dependency, and code-quality issues.
To use it, install the package and run the scanner against a target MCP server repository or URL. The tool automatically detects the server type and applies appropriate checks, returning detailed vulnerability findings alongside CVSS v4.0 and AI-driven assessments. You can run comprehensive scans, perform static analysis only, or perform dynamic testing and fuzzing as needed. The output can be reviewed in the console or saved in JSON for integration with CI/CD pipelines.
How to install
Prerequisites:
- Python 3.8 or higher
- Git (optional, for cloning the repository)
- Internet access to install dependencies
Standard installation (from source):
# Clone the repository
git clone https://github.com/SaravanaGuhan/mcp-guard.git
cd mcp-guard
# Install runtime dependencies
pip install -r requirements.txt
# Install the package in editable mode (optional, for development)
pip install -e .
Alternative (if published on PyPI):
pip install mcp-guard
Usage once installed:
# Basic scan of an MCP server repository URL
python -m mcp_guard https://github.com/openbnb-org/mcp-server-airbnb
# Optional: run static analysis only
python -m mcp_guard --scan-type static https://github.com/target/repo
# Optional: output as JSON
python -m mcp_guard --output report.json https://github.com/target/repo
Additional notes
Tips and common considerations:
- Ensure Python 3.8+ is used to satisfy package requirements.
- The scanner supports multiple MCP server languages (Python, Node.js, Go, Docker-based). If a server is containerized, the tool can analyze containerized deployments as well.
- For CI integration, use the --output flag to export JSON/SARIF reports which can feed into dashboards and gatekeepers.
- If you encounter network or dependency issues, check your network proxy settings and ensure pip has access to PyPI or your internal index.
- Some analyses may take longer on large repositories; you can run static analysis first to get quick results, then perform full dynamic analysis if needed.
- Customize scanning with additional flags as needed (scan-type, output format, etc.).
Related MCP Servers
toolhive
ToolHive makes deploying MCP servers easy, secure and fun
mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
mcp-gateway
A plugin-based gateway that orchestrates other MCPs and allows developers to build upon it enterprise-grade agents.
mcp-python-template
This template provides a streamlined foundation for building Model Context Protocol (MCP) servers in Python. It's designed to make AI-assisted development of MCP tools easier and more efficient.
Convert-Markdown-PDF
Markdown To PDF Conversion MCP
shodan
Shodan MCP server for Claude, Cursor & VS Code. 20 tools for passive reconnaissance, CVE/CPE intelligence, DNS analysis, and device search. 4 tools work free without an API key. OSINT and vulnerability research from your IDE.