MCP 安全扫描工具
Content
MCP 安全扫描工具
项目简介
MCP安全扫描工具是一个用于检测和验证MCP(Model Context Protocol)配置文件中服务器、提示词(prompts)、资源(resources)和工具(tools)安全性的Rust应用程序。
核心功能
- ✅ 扫描MCP配置文件中的服务器配置
- ✅ 自动验证服务器中的实体(prompts/resources/tools)安全性
- ✅ 支持审查模式,将prompts/resources/tools描述装换成中文
- ✅ 支持多种MCP服务器类型(SSE/Stdio)
- ✅ 实时显示扫描进度和结果
- ✅ 支持白名单管理功能
- ✅ 记录扫描历史并检测配置变更
技术栈
- 语言: Rust
- 主要依赖:
rmcp- MCP协议实现serde- 序列化/反序列化chrono- 时间处理colored- 终端彩色输出
安装与使用
安装
cargo install --path .
基本用法
mcp-security-scan [配置文件路径]
高级选项
--storage-path: 指定存储扫描结果的路径--base-url: 设置验证API的基础URL--reset-whitelist: 重置白名单
工作原理
- 解析MCP配置文件,提取服务器配置
- 连接到每个服务器并获取所有实体(prompts/resources/tools)
- 计算每个实体的MD5哈希值(基于描述信息)
- 通过验证API检查实体安全性
- 记录扫描结果并与历史记录比较
- 支持白名单功能跳过已验证的安全实体
配置示例
{
"mcpServers": {
"example_server": {
"url": "http://example.com/sse",
"type": "sse"
},
"local_mcp": {
"command": "npx",
"args": [
"-y",
"example-server"
]
}
}
}
贡献指南
欢迎提交Pull Request!请确保:
- 代码符合Rust惯用写法
- 包含适当的测试用例
- 更新相关文档
许可证
MIT
Recommend Servers
TraeBuild with Free GPT-4.1 & Claude 3.7. Fully MCP-Ready.
Playwright McpPlaywright MCP server
EdgeOne Pages MCPAn MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.
Zhipu Web SearchZhipu Web Search MCP Server is a search engine specifically designed for large models. It integrates four search engines, allowing users to flexibly compare and switch between them. Building upon the web crawling and ranking capabilities of traditional search engines, it enhances intent recognition capabilities, returning results more suitable for large model processing (such as webpage titles, URLs, summaries, site names, site icons, etc.). This helps AI applications achieve "dynamic knowledge acquisition" and "precise scenario adaptation" capabilities.
Amap Maps高德地图官方 MCP Server
Howtocook Mcp基于Anduin2017 / HowToCook (程序员在家做饭指南)的mcp server,帮你推荐菜谱、规划膳食,解决“今天吃什么“的世纪难题;
Based on Anduin2017/HowToCook (Programmer's Guide to Cooking at Home), MCP Server helps you recommend recipes, plan meals, and solve the century old problem of "what to eat today"
Visual Studio Code - Open Source ("Code - OSS")Visual Studio Code
ChatWiseThe second fastest AI chatbot™
DeepChatYour AI Partner on Desktop
Baidu Map百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。
Serper MCP ServerA Serper MCP Server
TimeA Model Context Protocol server that provides time and timezone conversion capabilities. This server enables LLMs to get current time information and perform timezone conversions using IANA timezone names, with automatic system timezone detection.
CursorThe AI Code Editor
BlenderBlenderMCP connects Blender to Claude AI through the Model Context Protocol (MCP), allowing Claude to directly interact with and control Blender. This integration enables prompt assisted 3D modeling, scene creation, and manipulation.
WindsurfThe new purpose-built IDE to harness magic
Tavily Mcp
Context7Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors
MiniMax MCPOfficial MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.
MCP AdvisorMCP Advisor & Installation - Use the right MCP server for your needs
Jina AI MCP ToolsA Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.
AiimagemultistyleA Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.