Comprehensive security analysis of Model Context Protocol servers
We probe each endpoint for StreamableHTTP, SSE, and legacy transports. Servers are tested with the official MCP SDK client libraries.
Every tool's input schema is analyzed for validation quality — missing constraints, overly permissive types, and missing descriptions reduce the score.
Tool parameters and descriptions are scanned for patterns that could expose personal data: emails, addresses, SSNs, credentials, API keys.
Tool descriptions are checked for prompt injection patterns — instruction overrides, persona hijacking, covert action commands, data exfiltration directives.
We identify tools that accept arbitrary URLs, webhooks, or callback endpoints — vectors for exfiltrating data from the LLM context.
Tools that write files, execute commands, install packages, or manage processes are flagged with appropriate severity levels.