MCP-Scan is a security scanning tool for MCP servers, used to detect common security vulnerabilities such as prompt injection, tool poisoning, and cross-domain escalation.

MCP - Shield is a security tool for scanning MCP server vulnerabilities, which can detect security risks such as tool poisoning attacks, data leakage channels, and cross - domain violations.

Agentic Radar is a security scanning tool for analyzing and assessing agentic systems, helping developers, researchers, and security experts understand the workflows of agentic systems and identify potential vulnerabilities.

Aderyn is an open - source Solidity smart contract static analysis tool written in Rust, which helps developers and security researchers discover vulnerabilities in Solidity code. It supports Foundry and Hardhat projects, can generate reports in multiple formats, and provides a VSCode extension.

Cycode CLI is a locally installed application used to scan code repositories for security vulnerabilities, including sensitive information leakage, Infrastructure as Code misconfigurations, Software Composition Analysis vulnerabilities, and Static Application Security Testing issues. This tool supports multiple scan types, such as repository scanning, path scanning, and commit history scanning, and provides an ignore rule function to exclude specific results.

The Semgrep MCP Server is a server based on the Model Context Protocol (MCP) for scanning code for security vulnerabilities through Semgrep, supporting multiple integration methods and tools.

Web Application Penetration Testing MCP is a comprehensive tool focusing on the analysis of business logic security vulnerabilities. Through systematic crawling and analysis, it can identify security issues that standard scanners cannot detect.

AI code review and issue repair agent for analyzing codebases, detecting security vulnerabilities, reviewing code quality, and providing repair suggestions based on Sentry error logs.

Lanalyzer is an advanced Python static taint analysis tool used to detect potential security vulnerabilities in Python projects.

The Mallory MCP Server is a server that provides real-time network threat intelligence and supports proxy access to network security-related information such as vulnerabilities, threat actors, and malware.

The Secure Chain MCP Server is a service that provides software supply - chain security inspection tools. It supports Docker deployment and integrates multiple databases and APIs for monitoring and analyzing software dependencies and vulnerabilities.

An MCP server tool for auditing security vulnerabilities in npm package dependencies, providing real-time security scanning and detailed vulnerability reports.

A security analysis MCP server integrating OSV.dev and an AI model to detect code vulnerabilities and provide security suggestions.

CyberMCP is a network security testing server based on the MCP protocol, focusing on detecting security vulnerabilities in backend APIs and providing various security tools and resources such as authentication testing, injection testing, and data leakage detection.

DVMCP is an educational project that demonstrates security vulnerabilities by deliberately implementing a vulnerable Model Context Protocol (MCP). It contains 10 challenges of increasing difficulty to help learn about security issues in MCP implementations.

This project demonstrates an MCP server and client with security vulnerabilities for educational purposes, showing security risks such as SQL injection and arbitrary code execution.

Contrast MCP Server is a bridge that connects Contrast security data with AI agents/LLMs, helping developers and security professionals quickly fix vulnerabilities. It supports multiple deployment methods, including local running and Docker containers, and can be integrated with tools such as VS Code and Copilot.

An MCP server for network security vulnerability assessment, providing functions such as GitHub repository search, NIST NVD query, access to the CISA Known Vulnerabilities Catalog, and CVE research and analysis.

A demonstration project showing security vulnerabilities in MCP servers, demonstrating the risk of remote code execution through simple addition operations.