
SecScanMCP

Comprehensive security scanner for MCP (Model Context Protocol) servers. 12+ analyzers, 117 YARA rules, ML-powered threat detection, dual scoring system. Detects prompt injection, tool poisoning, and more.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio zakariaf-secscanmcp docker run -i zakariaf/secscanmcp

How to use

SecScanMCP is an MCP server focused on security analysis for other MCP servers. It combines static analysis tools, pattern matching with YARA, and dynamic runtime checks to detect prompt injections, tool poisoning, rug pulls, cross-server threats, and schema abuse within MCP deployments. When running, it provides a layered analysis pipeline that evaluates code quality, security patterns, and runtime behavior to surface risk signals with both developer-oriented and user-oriented scoring. Use SecScanMCP to scan MCP configurations, tool manifests, and executed inputs to identify potential attack vectors and unsafe configurations before they are deployed in production.

How to install

Prerequisites:
- Docker installed and running on the host with permission to pull images
- Internet access to pull the SecScanMCP image (or a local image if you build it locally)

Installation steps:
1) Pull the SecScanMCP Docker image (or ensure you have the image you intend to run):
   docker pull zakariaf/secscanmcp:latest

2) Run the MCP server using the provided image:
   docker run -it --rm zakariaf/secscanmcp:latest

3) If you prefer to specify a particular tag or repository, replace the image reference accordingly, for example:
   docker run -it --rm zakariaf/secscanmcp:stable

4) (Optional) Configure environment variables for fine-grained controls (see Additional notes below for common options).

Additional notes

Notes and tips:
- Environment variables can tailor analysis depth, like enabling/disabling specific analyzers (static, YARA, dynamic) or adjusting risk thresholds.
- Ensure network policies allow the container to access required resources (e.g., vulnerability feeds, ML services) if used in your environment.
- When running in CI, consider mounting a volume for persistent results and logs.
- If you encounter image pull failures, verify the image name and tag, and ensure you have the necessary access rights to pull from the registry.
- For dynamic runtime analysis, ensure the Docker daemon is configured securely and that you limit tooling exposure to prevent accidental host compromise.
- Review the 12+ analyzers and 117 YARA rules shipped with SecScanMCP to understand coverage and potential false positives in your MCP domain.
- If you need to customize rules, consult the included rule files (e.g., mcp_threats.yar, mcp_vulnerabilities.yar, etc.) and adjust paths or volumes accordingly.
