Last released Jul 1, 2026
Static analyzer for MCP server repos: 4 checks (BadHost / Starlette CVE-2026-48710, FastMCP wrapper-layer asyncio.run bug, loose @mcp.tool() schemas, subprocess command-injection w/ cross-function taint propagation).
Supported by