Is this MCP server safe to install? Get an AIVSS score in under a minute — no signup required for public repos.
Flags lookalike package names, unverified publishers, and unpinned dependencies before they reach your install chain.
Detects command injection, SQL injection, SSRF, path traversal, and hardcoded secrets — the code-level bugs that turn MCP servers into exploits.
Five independent LLM judges uncover tool poisoning, silent rug pulls, indirect prompt injection, and obfuscated intent that pattern matching misses.
Audits each tool's real-world reach — flagging excessive permissions, weak authentication, and network exposure beyond its stated purpose.
GitHub URL, npm scoped package, or pip package — we normalise them all. Pin a specific version with @version.
Typosquat, static, behavioral, readiness, and 5-LLM consensus checks run in parallel across commit fingerprints.
AIVSS 0–10 score, per-tool findings, CWE mapping, and copy-safe config snippets. Previously scanned packages return in under a second.
The AI Vulnerability Severity Score (AIVSS) extends CVSS with agentic-threat factors.
The MCP ecosystem moves fast. Security tooling for it doesn't — yet. MCPSafe brings automated scanning, multi-LLM consensus, and AIVSS scoring to every package before it touches your agent.