MCP - Shield is a security tool for scanning MCP server vulnerabilities, which can detect security risks such as tool poisoning attacks, data leakage channels, and cross - domain violations.

This project is an M365 MCP server that implements the CISA BOD 25 - 01 security controls. It manages Microsoft 365 security settings through the Microsoft Graph API and provides functions such as blocking legacy authentication, risk - based access control, MFA management, application registration control, and password policy management.

A website security scanning tool based on the MCP protocol, integrating dirsearch directory scanning and firecrawl crawler technology, capable of automatically identifying the website technology stack and classifying vulnerability risk levels

MCP Fortress is a comprehensive security tool designed for Model Context Protocol (MCP) servers, offering automated vulnerability scanning, runtime protection, risk scoring, and threat detection functions, and supporting integration with AI assistants such as Claude Code through the MCP server mode for security analysis.

VulniCheck is an AI - driven security scanner that provides comprehensive security analysis for Python projects and GitHub repositories. It runs as a Docker - based HTTP MCP server, supports standard HTTP streaming, and offers containerized deployment and comprehensive vulnerability scanning capabilities, including dependency checking, key detection, Docker file analysis, and AI risk assessment.

MCP Bridge is a lightweight, LLM-independent RESTful proxy for connecting to multiple Model Context Protocol (MCP) servers and exposing their functions through a unified REST API. It solves the problem that platforms such as edge devices, mobile devices, and web browsers cannot efficiently run MCP servers, and provides optional risk-based execution levels, including security controls such as standard execution, confirmation workflows, and Docker isolation.

This project demonstrates the security risks of using AI agent tools through extendable-agents, especially the potential leakage of sensitive information caused by tool sharing under the MCP protocol, and provides security usage suggestions.

This project is an MCP toolkit for educational purposes, demonstrating social platform content analysis techniques and their security risks. It includes data extraction and analysis tools for Reddit and LinkedIn.

The Enkrypt AI MCP Server is a server for integrating red team testing, prompt auditing, and AI security analysis. It is compatible with the Model Context Protocol (MCP) standard and supports functions such as real - time prompt risk analysis and adversarial prompt generation. It can be seamlessly integrated with MCP clients such as Claude Desktop and Cursor IDE.

This project demonstrates an MCP server and client with security vulnerabilities for educational purposes, showing security risks such as SQL injection and arbitrary code execution.

Lilith Shell is an enhanced MCP server that allows AI assistants to execute commands in the terminal, providing security controls and testing capabilities. It should be used in a virtual machine or a resettable development environment due to security risks.

The MCP Network Sentinel is a tool for monitoring the network activities of MCP servers, used to identify potential security risks, record all network communications, and detect suspicious behaviors.

An intentionally vulnerable MCP server project for security research, containing risks of SQL injection and remote code execution, suitable for test environments.

A tool for executing bash commands through an MCP server, allowing client applications to remotely execute commands and obtain output results. Pay attention to security risks.

A cognitive dynamic application security testing automation system based on OWASP ZAP and Google Gemini AI. It integrates AI analysis through the MCP protocol, providing automated scanning, intelligent risk assessment, and multi - format report output.

Memoria is an MCP server that reveals hidden dependencies between code files by analyzing Git history, preventing AI from breaking functionality when refactoring code. It runs entirely locally without uploading code to the cloud, ensuring the security of code modifications by detecting coupling relationships, risk scores, and outdated dependencies between files.

A demonstration project showing security vulnerabilities in MCP servers, demonstrating the risk of remote code execution through simple addition operations.

CloudSword is an open-source tool that helps public cloud tenants discover and fix risks in the cloud environment, and supports multi-platform asset management and security protection.