MCPSafe
Free MCP server security scanner with AIVSS scoring and multi-LLM consensus

MCPSafe is a security scanning tool for Model Context Protocol (MCP) servers that performs pre-install audits using static analysis combined with a consensus of five independent LLM judges. It detects issues like typosquatting, command injection, tool poisoning, prompt injection, and over-permissive access, then produces an AIVSS 0–10 score with per-tool findings and CWE mappings. Scanning is free and requires no account, with signed-in users getting higher rate limits and scan history.
Users paste a GitHub URL, npm package, or pip package and MCPSafe runs parallel typosquat, static, behavioral, and five-LLM consensus analyses to produce an AIVSS score with actionable findings
Developers vetting MCP servers before installation and registry operators publishing safe catalogs
Background.
- Status
- launched
- Business model
- freemium
- Company
- MCPSafe
Similar projects.
Editorial take on the space this project sits in — momentum signals, adjacent moves, our call on whether the wedge is real. Get pinged when we publish a new read or when the landscape shifts.
Have a take on this space?
Tell us what you’d build differently, where you think the incumbents miss, or what we’ve gotten wrong about this project. Comments + reactions are coming soon.