MCP-Scan is a security scanning tool for MCP servers, used to detect common security vulnerabilities such as prompt injection, tool poisoning, and cross-domain escalation.

MCP - Shield is a security tool for scanning MCP server vulnerabilities, which can detect security risks such as tool poisoning attacks, data leakage channels, and cross - domain violations.

Agentic Radar is a security scanning tool for analyzing and assessing agentic systems, helping developers, researchers, and security experts understand the workflows of agentic systems and identify potential vulnerabilities.

Aderyn is an open - source Solidity smart contract static analysis tool written in Rust, which helps developers and security researchers discover vulnerabilities in Solidity code. It supports Foundry and Hardhat projects, can generate reports in multiple formats, and provides a VSCode extension.

Cycode CLI is a locally installed application used to scan code repositories for security vulnerabilities, including sensitive information leakage, Infrastructure as Code misconfigurations, Software Composition Analysis vulnerabilities, and Static Application Security Testing issues. This tool supports multiple scan types, such as repository scanning, path scanning, and commit history scanning, and provides an ignore rule function to exclude specific results.

The Semgrep MCP Server is a server based on the Model Context Protocol (MCP) for scanning code for security vulnerabilities through Semgrep, supporting multiple integration methods and tools.

Web Application Penetration Testing MCP is a comprehensive tool focusing on the analysis of business logic security vulnerabilities. Through systematic crawling and analysis, it can identify security issues that standard scanners cannot detect.

AI package security scanning tool, offering two modes: CLI and MCP server. It can quickly detect vulnerabilities, prompt injection, and supply chain attacks in MCP servers, AI skills, and software packages.

AI code review and issue repair agent for analyzing codebases, detecting security vulnerabilities, reviewing code quality, and providing repair suggestions based on Sentry error logs.

The Mallory MCP Server is a server that provides real-time network threat intelligence and supports proxy access to network security-related information such as vulnerabilities, threat actors, and malware.

Lanalyzer is an advanced Python static taint analysis tool used to detect potential security vulnerabilities in Python projects.

The Secure Chain MCP Server is a service that provides software supply - chain security inspection tools. It supports Docker deployment and integrates multiple databases and APIs for monitoring and analyzing software dependencies and vulnerabilities.

CyberMCP is a network security testing server based on the MCP protocol, focusing on detecting security vulnerabilities in backend APIs and providing various security tools and resources such as authentication testing, injection testing, and data leakage detection.

A security analysis MCP server integrating OSV.dev and an AI model to detect code vulnerabilities and provide security suggestions.

An MCP server tool for auditing security vulnerabilities in npm package dependencies, providing real-time security scanning and detailed vulnerability reports.

AI Coding Assistant Security Scanner, scans code vulnerabilities, detects AI hallucination packages, and prevents prompt injection attacks through MCP or CLI, supports 12 languages and more than 1,700 security rules

This project demonstrates an MCP server and client with security vulnerabilities for educational purposes, showing security risks such as SQL injection and arbitrary code execution.

DVMCP is an educational project that demonstrates security vulnerabilities by deliberately implementing a vulnerable Model Context Protocol (MCP). It contains 10 challenges of increasing difficulty to help learn about security issues in MCP implementations.

Contrast MCP Server is a bridge that connects Contrast security data with AI agents/LLMs, helping developers and security professionals quickly fix vulnerabilities. It supports multiple deployment methods, including local running and Docker containers, and can be integrated with tools such as VS Code and Copilot.

CodeSentinel is a code quality analysis server based on the Model Context Protocol (MCP), specifically designed to detect 93 hidden problem patterns in AI-generated code, including security vulnerabilities, deceptive error handling, placeholder code, etc. It uses pattern matching rather than AST analysis to find code that is syntactically correct but semantically problematic.

The Inkog MCP Server is a code security scanning and compliance verification tool specifically designed for AI agent development. It provides functions such as static analysis, governance file verification, MCP server audit, and multi - framework compliance report generation to help developers detect logical defects and security vulnerabilities early in the development process.

A demonstration project showing security vulnerabilities in MCP servers, demonstrating the risk of remote code execution through simple addition operations.

An MCP server for network security vulnerability assessment, providing functions such as GitHub repository search, NIST NVD query, access to the CISA Known Vulnerabilities Catalog, and CVE research and analysis.

GuardianMCP is an MCP server that automatically scans for security vulnerabilities in project dependencies. It supports npm and Composer, provides real-time alerts and multiple scanning modes, and can be integrated with mainstream IDEs.