Security scanner for MCP servers

• Audit Model Context Protocol servers for prompt injection, missing auth, unsafe permissions, and other tool-use risks.
• Runs locally with no data leaving your machine.
• Performs a real handshake with the server to enumerate exposed tools, resources, and prompts.
• Executes six categories of static security checks: Authentication, Prompt Injection, Permissions, Secrets Exposure, Schema Validation, and Context Bloat.
• Provides a weighted security score from 0-100.
• Supports HTTP transport and SSE endpoints.
• Scans complete in under three seconds.