MCPSafe

mcpsafe.io

Free MCP server security scanner with AIVSS scoring and multi-LLM consensus

Visit
MCPSafe screenshot
/ About /

MCPSafe is a security scanning tool for Model Context Protocol (MCP) servers that performs pre-install audits using static analysis combined with a consensus of five independent LLM judges. It detects issues like typosquatting, command injection, tool poisoning, prompt injection, and over-permissive access, then produces an AIVSS 0–10 score with per-tool findings and CWE mappings. Scanning is free and requires no account, with signed-in users getting higher rate limits and scan history.

/ How it works /

Users paste a GitHub URL, npm package, or pip package and MCPSafe runs parallel typosquat, static, behavioral, and five-LLM consensus analyses to produce an AIVSS score with actionable findings

/ Who it's for /

Developers vetting MCP servers before installation and registry operators publishing safe catalogs

/ More info /

Background.

Status
launched
Business model
freemium
Company
MCPSafe
/ Discovered patterns /

Similar projects.

Coming soonSpektrail’s read on Security

Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.

Coming soon

Have a take on this space?

Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.