A comprehensive MCP configuration scanner with client-aware security analysis.
Project description
MCP Armor
🚀 Overview
MCP Armor is a comprehensive security scanner for Model Context Protocol (MCP). Automatically discovers, analyzes, and secures MCP servers integrated with all major Agentic IDEs, Agents and Clients.
💡 Features
- 🔍 Auto-Discovery: Finds known MCP configurations for popular Agentic IDEs like Cursor, Windsurf, VS Code, Claude Desktop, and more
- 🔧 Tool, Resource & Prompt Inventory: Connects to MCP servers and catalogs available tools, resources, and prompt templates
- 🛡️ Security Analysis: Specialized security checks including Prompt Injection, Rug Pull Attack, Cross-server Tool Shadowing, Tool Poisoning, Tool Name Ambiguity, and more..
- 🧭 Baseline Drift Detection: Captures approved MCP components and detects rug pulls attacks
- 📊 Comprehensive Reporting: Generates JSON and Markdown reports with actionable findings
- 📜 Audit Trail: Timestamped baselines and reports for full traceability of changes and findings
🧰 Installation
pip install mcp-armor
🏃 Quick Start
# Scan all configurations with security analysis (auto-detects baseline.json if present)
mcp-armor scan
# Inspect configurations and generate baseline (defaults to baseline.json)
mcp-armor inspect
# Use custom configuration file
mcp-armor scan --config /path/to/config.json
# Scan multiple configuration files
mcp-armor scan \
--config /path/to/cursor.mcp.json \
--config /path/to/vscode.mcp.json
# Use custom baseline file path
mcp-armor inspect --baseline /path/to/my-baseline.json
mcp-armor scan --baseline /path/to/my-baseline.json
# Generate markdown report
mcp-armor scan --report-type md
# Save to custom file
mcp-armor scan --output my-report.json
mcp-armor scan --report-type md --output my-report.md
⚙️ Command Options
| Option | Description |
|---|---|
--config |
Custom configuration file path (can be used multiple times) |
--baseline |
Baseline file for drift detection (scan) or creation (inspect) |
--report-type {json,md} |
Output format (default: json) |
--output |
Custom output file path |
--verbose |
Detailed terminal output |
--show-logs |
Display debug logs in terminal |
🔰 Security Checks
🛡️ Standard Checks
- Prompt Injection
- Indirect Prompt Injection
- Cross-Server Tool Shadowing
- Tool Poisoning
- Prompt Injection in Tool Description, Name and Args
- Command Injection in Tool Description, Name and Args
- Tool Name Ambiguity
- Command Injection
- Excessive Tool Permissions
- Hardcoded Secrets
🧭 Baseline Checks
Detects deviations from approved MCP components (requires a baseline generated via inspect mode):
- Rug Pull Attack
- Tool Modified
- Resource Modified
- Resource Template Modified
- Prompt Modified
📃 Logging
Logs are automatically saved to logs/mcp_armor.log:
# Default: logs saved to file only
mcp-armor scan
# Show logs in terminal too
mcp-armor scan --show-logs
🧪 Demo
Test MCP Armor using our intentionally vulnerable MCP servers. For details, see the demo guide.
⚡ Want More?
This open-source version covers static MCP configuration scanning. For teams that need deeper protection, Aira Security offers a full enterprise platform with:
| Capability | Open Source | Aira Platform |
|---|---|---|
| MCP config scanning | ✅ | ✅ |
| Prompt & command injection detection | ✅ | ✅ |
| Tool poisoning & shadowing checks | ✅ | ✅ |
| Hardcoded secrets detection | ✅ | ✅ |
| Runtime enforcement & blocking | ❌ | ✅ |
| Agent behavior policy enforcement (toxic flow analysis) | ❌ | ✅ |
| Skills scanner (agentic workflow & capability analysis) | ❌ | ✅ |
| Custom security policies | ❌ | ✅ |
| Aira dashboard (centralized visibility & alerting) | ❌ | ✅ |
| Complete Agentic Security (beyond MCP — Agents, Workflows, and Skills) | ❌ | ✅ |
🚀 See Aira in Action to experience the full platform.
🌟 Community
Join our Slack - a space for developers and security engineers building together to secure AI agents.
❓ FAQs
Q: Is my source code ever shared, or does everything run locally?
MCP Armor runs entirely locally. Inspect and scan modes analyze your MCP configurations, detect MCP servers integrated with your agents, and evaluate them directly on your machine. Prompt injection checks use our open-source model Aira-security/FT-Llama-Prompt-Guard-2, downloaded from Hugging Face to your local environment, ensuring your data and code is never shared externally.
⚖️ License
Distributed under the Apache 2.0 License. See LICENSE for more information.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_armor-1.0.2.tar.gz.
File metadata
- Download URL: mcp_armor-1.0.2.tar.gz
- Upload date:
- Size: 50.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2601a3c5a33c91f995f7ae538d1413b86d05e9874d96da472d4fe4f5b9470d5f
|
|
| MD5 |
2c9013f962bfba3daec24971a4b2de50
|
|
| BLAKE2b-256 |
9b40117976aaf0133c56047c616c62e5a0f7ec6dddbacca787c194d492d3177e
|
File details
Details for the file mcp_armor-1.0.2-py3-none-any.whl.
File metadata
- Download URL: mcp_armor-1.0.2-py3-none-any.whl
- Upload date:
- Size: 53.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
14024c09eb6c26700e3580ab57b38aa283d1367449749e04bb1255621d644034
|
|
| MD5 |
6519abfe47df6bcbc58cfea9578e6e38
|
|
| BLAKE2b-256 |
71ef11aace6f93602665ff3c8c43195024ac6e4f3debc3e1dcbf3fdec063799e
|
