MCPSafe
mcpsafe.io
Free MCP server security scanner with AIVSS scoring and multi-LLM consensus
Security
mcp, security-scanning, llm, static-analysis, vulnerability-scoring, ai-security, developer-tools

About
MCPSafe is a security scanning tool for Model Context Protocol (MCP) servers that performs pre-install audits using static analysis combined with a consensus of five independent LLM judges. It detects issues like typosquatting, command injection, tool poisoning, prompt injection, and over-permissive access, then produces an AIVSS 0–10 score with per-tool findings and CWE mappings. Scanning is free and requires no account, with signed-in users getting higher rate limits and scan history.
Problem
Developers have no easy way to verify whether an MCP server is safe to install before adding it to their environment.
For
Developers vetting MCP servers before installation, and registry operators publishing safe catalogs.
How it works
Users paste a GitHub URL, npm package, or pip package, and MCPSafe runs typosquat, static, behavioral, and five-LLM consensus analyses in parallel to produce an AIVSS score with actionable findings.
Business model
freemium
Status
launched
Company
MCPSafe