A command-line tool for analyzing MCP servers.
Project description
MCPScanner
MCPScanner is a command-line tool for analyzing MCP servers. It does the following:
- Discovers MCP Servers: It automatically searches for MCP server configuration files in well-known locations on the host system.
- Analyzes Tools and Resources: It connects to each discovered server to fetch the list of available tools and resources.
- Security Scanning with CrowdStrike AIDR: It uses the CrowdStrike AIDR service to scan the tools for malicious entities and prompts.
- Generates Reports: It creates a JSON report (default
mcpscanner.json) containing the analysis results. - Detects Changes: It can compare the current state of a server's tools with a previous report and display a diff if any changes are detected.
- Finds Similar Tools: It can identify tools with similar functionality.
Installation
pip install -U crowdstrike-aidr-mcpscanner
Configuration
Before using MCPScanner, you need to set the CS_AIDR_TOKEN environment
variable to a CrowdStrike AIDR API token and the CS_AIDR_BASE_URL_TEMPLATE
environment variable to the base URL of the CrowdStrike AIDR API.
export CS_AIDR_TOKEN="your_token_here"
export CS_AIDR_BASE_URL_TEMPLATE="https://api.crowdstrike.com/aidr/{SERVICE_NAME}"
Usage
The primary command is scan, which runs the analysis.
mcpscanner scan
Options
| Parameter | Description | Default |
|---|---|---|
--input <PATH> |
The input file containing a previous report to compare against. | mcpscanner.json |
--output <PATH> |
The file where the new report will be saved. | mcpscanner.json |
--list-tools |
If set, the names of all tools for each MCP server will be listed in the output. | False |
--mcp-config-files <FILES> |
A list of files to discover MCP servers from. | A list of well-known paths for different operating systems. |
--similarity-threshold <FLOAT> |
The threshold (between 0.0 and 1.0) for two tools to be considered similar. | 0.96 |
--syntax-theme <THEME> |
The syntax theme to use for displaying JSON diffs. | github-dark |
--poll-result-timeout |
Timeout (seconds) for polling AIDR results. | 30 |
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file crowdstrike_aidr_mcpscanner-0.1.0.tar.gz.
File metadata
- Download URL: crowdstrike_aidr_mcpscanner-0.1.0.tar.gz
- Upload date:
- Size: 6.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c29576a54a6c87a94e33e518c24382955934a38bf96094cc00552c49062b3654
|
|
| MD5 |
1c14f92af1d8d5b40a16cf9c87313b54
|
|
| BLAKE2b-256 |
a3f4b71123080793c6bde3bffc6399b2f3c97ec658d647ca77149b7db599fa95
|
Provenance
The following attestation bundles were made for crowdstrike_aidr_mcpscanner-0.1.0.tar.gz:
Publisher:
publish.yml on CrowdStrike/mcpscanner
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
crowdstrike_aidr_mcpscanner-0.1.0.tar.gz -
Subject digest:
c29576a54a6c87a94e33e518c24382955934a38bf96094cc00552c49062b3654 - Sigstore transparency entry: 771519727
- Sigstore integration time:
-
Permalink:
CrowdStrike/mcpscanner@c28bba25b33917337b98b8e725d16fb6365c81de -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/CrowdStrike
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c28bba25b33917337b98b8e725d16fb6365c81de -
Trigger Event:
release
-
Statement type:
File details
Details for the file crowdstrike_aidr_mcpscanner-0.1.0-py3-none-any.whl.
File metadata
- Download URL: crowdstrike_aidr_mcpscanner-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
653274d1d272734aa9b97ccc4691765ef41cd364beabc642f3ae7987331f0a5f
|
|
| MD5 |
72d714a9a3598f5c2bd77151f4831365
|
|
| BLAKE2b-256 |
fcbb88d8811b0e2704d4d7290154c1274a08da07ea5fb0131f5d0422a970cece
|
Provenance
The following attestation bundles were made for crowdstrike_aidr_mcpscanner-0.1.0-py3-none-any.whl:
Publisher:
publish.yml on CrowdStrike/mcpscanner
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
crowdstrike_aidr_mcpscanner-0.1.0-py3-none-any.whl -
Subject digest:
653274d1d272734aa9b97ccc4691765ef41cd364beabc642f3ae7987331f0a5f - Sigstore transparency entry: 771519728
- Sigstore integration time:
-
Permalink:
CrowdStrike/mcpscanner@c28bba25b33917337b98b8e725d16fb6365c81de -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/CrowdStrike
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c28bba25b33917337b98b8e725d16fb6365c81de -
Trigger Event:
release
-
Statement type:
