MCP Security Scanner · Playground

know what you're
installing before you npx it.

Paste your MCP server config. Get an instant security report. Everything runs in your browser — no install, no account, no telemetry.

hardcoded secrets unpinned versions insecure transport typosquatting known malicious servers CVE / OSV audit prompt injection

your config

npm registry live blocklist CVE / OSV audit

results

✦

paste a config on the left, then click scan

know what you'reinstalling before you npx it.