Releases: Orisan-org/mcpscan

mcpscan v0.1.0-alpha.2

06 Jun 09:10

Pre-release

Validation-driven alpha patch for mcpscan.

This release tightens scanner behavior based on manual testing against real MCP servers and improves field-readiness ergonomics.

Fixed

  • Reduced MCP-030 false positives by requiring actual command/code execution semantics.
    • search_nodes(query) and generic memory/search tools no longer trigger command/code injection findings.
  • Fixed MCP-010 false negative for network fetch capability.
    • fetch(url) now reports outbound network request capability as dangerous capability exposure.
  • Improved CLI ergonomics:
    • clearer message for unsupported local config/path scanning
    • rejects --header with stdio commands instead of silently ignoring it
    • clearer errors for dead remote URLs and refused connections
  • Added validation docs for:
    • stale/global install troubleshooting
    • memory/filesystem/fetch validation notes
    • safe validation workflow

Validated manually

  • Memory MCP server: Grade A, 0 findings after MCP-030 tuning
  • Filesystem MCP server: MCP-010 findings on file read/write/edit capability tools
  • Fetch MCP server: MCP-010 finding on outbound network request capability

Still deferred

  • MCP-002 baseline/tool definition drift
  • SSE integration testing
  • MCP config-file scanning
  • terminal inventory view

Verification

  • ruff check
  • pytest
  • bash scripts/validation_smoke.sh
  • python -m mcpscan --help
  • python -m mcpscan list-checks

mcpscan v0.1.0-alpha.1

05 Jun 23:53

Pre-release

Initial alpha release of mcpscan, a local-first security scanner for Model Context Protocol servers.

What works

  • Scans MCP servers over stdio
  • Scans MCP servers over Streamable HTTP (tested)
  • Enumerates tools, resources, prompts, and server metadata
  • Runs deterministic security checks with no LLM verdict path
  • Emits terminal, JSON, and Markdown reports
  • Stores safe evidence only
  • Enforces payload_stored=false on findings

Active checks

  • MCP-001 Tool description prompt injection
  • MCP-010 Dangerous capability exposure
  • MCP-020 Secret exposure in metadata
  • MCP-021 Sensitive data/file exposure
  • MCP-030 Command/code injection surface
  • MCP-040 Observed unauthenticated remote enumeration
  • MCP-041 Missing TLS
  • MCP-050 Static known-name lookalike check

Deferred

  • MCP-002 Tool definition drift / baseline diff

Transport support

  • stdio: supported and tested
  • Streamable HTTP: supported and integration-tested locally
  • SSE: wired through the MCP SDK where available, but not integration-tested yet

Privacy model

mcpscan is local-first.

It does not upload source code, prompts, secrets, or raw MCP responses. Findings use redacted/actionable evidence and set payload_stored=false.

Verification

Release hygiene completed with:

  • ruff format
  • ruff check
  • pytest
  • python -m mcpscan --help
  • python -m mcpscan list-checks
  • benign stdio fixture scan
  • malicious stdio fixture scan
  • local Streamable HTTP fixture scan
  • JSON smoke contract validating payload_stored=false