PRAQTOR MCP-S — AI Agent Security Scanner for MCP servers
Project description
PRAQTOR MCP-S
AI Agent Security Scanner for MCP Servers
Scan live MCP servers and configuration files for security vulnerabilities. 8 detection engines, attack chain analysis, zero false positives.
Installation
pip install praqtor-mcp
Quick Start
# Set your API key
export PRAQTOR_API_KEY=your-api-key
# Scan a live MCP server by URL
praqtor-mcp scan-url https://mcp.example.com/sse
# Scan a config file
praqtor-mcp scan config.json
# Output as JSON
praqtor-mcp scan-url https://mcp.example.com/sse --format json
# Output as SARIF (for GitHub Advanced Security)
praqtor-mcp scan-url https://mcp.example.com/sse --format sarif > results.sarif
How It Works
URL Scan — Point at any live MCP server. PRAQTOR connects via SSE or Streamable HTTP, discovers tools automatically, then runs all 8 security engines against the real tool definitions.
Config Scan — Pass your mcpServers JSON configuration. PRAQTOR analyzes the server definitions, tool schemas, and cross-server interactions.
Detection Engines
| Engine | Code | What It Detects |
|---|---|---|
| Secret & Data Exposure | SDE | API keys, tokens, credentials in configs |
| Semantic Threat Analysis | STA | Tool poisoning, description manipulation |
| Schema Integrity Monitor | SIM | Schema drift, type confusion attacks |
| Package Provenance | PPV | Supply chain risks, unverified packages |
| Cross-Origin Influence | COI | Cross-server trust violations |
| Data Flow Path Analysis | DFP | Sensitive data flowing between tools |
| Permission Alignment | CPA | Over-permissioned tool capabilities |
| Attack Surface Hardening | ASH | Injection surfaces, SSRF, command injection |
Plus ENABLES — attack chain wiring that connects findings across engines.
Commands
scan-url — Scan a Live MCP Server
praqtor-mcp scan-url https://mcp.example.com/sse
Connects to the MCP server, performs protocol handshake, discovers all tools via tools/list, and runs the full 8-engine scan.
scan — Scan a Config File
praqtor-mcp scan my-mcp-config.json
Analyzes an MCP configuration file (the same format used by Claude Desktop, Cursor, etc.).
health — Check API Status
praqtor-mcp health
Output Formats
| Format | Flag | Use Case |
|---|---|---|
| Text | --format text |
Terminal output with colors (default) |
| JSON | --format json |
Programmatic consumption, CI/CD |
| SARIF | --format sarif |
GitHub Advanced Security integration |
Filtering
# Only show critical findings
praqtor-mcp scan-url https://mcp.example.com/sse --severity critical
# Limit output
praqtor-mcp scan-url https://mcp.example.com/sse --limit 10
CI/CD Integration
GitHub Actions
- name: Scan MCP Config
run: |
pip install praqtor-mcp
praqtor-mcp scan mcp-config.json --format sarif > praqtor-results.sarif
env:
PRAQTOR_API_KEY: ${{ secrets.PRAQTOR_API_KEY }}
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: praqtor-results.sarif
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Passed — no critical or high findings |
| 1 | Warning — high severity findings detected |
| 2 | Failed — critical findings detected |
Configuration
Set credentials via environment variables or command-line flags:
# Environment variables (recommended)
export PRAQTOR_API_URL=https://praqtormcp.fly.dev
export PRAQTOR_API_KEY=your-api-key
# Or use flags
praqtor-mcp scan-url https://example.com/sse --api-url https://praqtormcp.fly.dev --api-key YOUR_KEY
API
PRAQTOR MCP-S also provides a REST API for programmatic access:
curl -X POST https://praqtormcp.fly.dev/api/v1/scan/url \
-H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://mcp.example.com/sse"}'
Full API docs: https://praqtormcp.fly.dev/api
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file praqtor_mcp-1.0.0.tar.gz.
File metadata
- Download URL: praqtor_mcp-1.0.0.tar.gz
- Upload date:
- Size: 9.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
91e1bd2382214ad22735a574df3e71d7f51f045d23714a4a670402ffe1da7a3a
|
|
| MD5 |
b782b6f99a012efd82a698406362af15
|
|
| BLAKE2b-256 |
132b85d1f77664b57fc0bbdb5e148423635f26311a045ccbf46f7ea9caff267f
|
File details
Details for the file praqtor_mcp-1.0.0-py3-none-any.whl.
File metadata
- Download URL: praqtor_mcp-1.0.0-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3dcae6902dcbc0725b1d24fc9c4ad8a2705badb007b35e993153b0c2d99e1ac9
|
|
| MD5 |
2f319f267c1737897cbbc166c5d4e6c1
|
|
| BLAKE2b-256 |
9187d7404b6fd90cebd7d12e643431a94557636d2377aad018015334993d5806
|
