mcp-security-analyzer

The MCP Security Analyzer is a Python-based security testing framework designed to validate MCP servers by automatically running security test scenarios in isolated environments and analyzing the resulting network traffic and findings. It provides pre-configured use cases that simulate common security challenges such as file access, data exfiltration, command injection, and privilege escalation, and it can optionally leverage Claude AI for threat assessment. You can run a security inspection against any MCP server by supplying the server launch command (e.g., a Python module invocation or another startup command) and selecting a predefined use case to execute. The tool then orchestrates the test, captures network data, and compiles a comprehensive report with sections for executive findings, traffic analysis, and remediation suggestions.

Prerequisites:

• Python 3.9+ installed on your system
• Docker Engine running with appropriate permissions
• Network capture tools (libpcap, tcpdump) if you plan to analyze traffic locally

Installation steps:

1. Clone the repository containing the MCP Security Analyzer (or install the package from source):

git clone https://github.com/yair4data/mcp-security-analyzer.git
cd mcp-security-analyzer

2. Create and activate a Python virtual environment (recommended):

python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

3. Install the analyzer in editable mode:

pip install -e .

4. Verify installation:

docker version  # ensure Docker is running
mcp-security-analyzer --version

To run a test against your MCP server, ensure your server can be started with a Python module entry point (as shown in the configuration) and then use the analyzer with a config file and a chosen use case as demonstrated in the usage examples.

Tips and notes:

• The analyzer supports optional Claude AI threat assessment; set CLAUDE_API_KEY in your environment if you want AI-powered insights.
• Ensure Docker is properly configured on your system to allow containerized MCP server execution with network isolation.
• When troubleshooting, check that your MCP server startup command (for example, python -m mcp_security_analyzer or a custom script) is correctly accessible from the environment where you run the analyzer.
• The generated reports (HTML, JSON, CSV) and PCAP can be used for in-depth offline analysis and sharing findings with stakeholders.
• If your MCP server requires specific dependencies, consider creating a dedicated virtual environment or container image to ensure reproducible test runs.