mcpscan v0.1.0-alpha.1

mcpscan v0.1.0-alpha.1

Initial alpha release of mcpscan, a local-first security scanner for Model Context Protocol servers.

What works

• Scans MCP servers over stdio
• Scans MCP servers over tested Streamable HTTP
• Enumerates tools, resources, prompts, and server metadata
• Runs deterministic security checks with no LLM verdict path
• Emits terminal, JSON, and Markdown reports
• Stores safe evidence only
• Enforces payload_stored=false on findings

Active checks

• MCP-001 Tool description prompt injection
• MCP-010 Dangerous capability exposure
• MCP-020 Secret exposure in metadata
• MCP-021 Sensitive data/file exposure
• MCP-030 Command/code injection surface
• MCP-040 Observed unauthenticated remote enumeration
• MCP-041 Missing TLS
• MCP-050 Static known-name lookalike check

Deferred

• MCP-002 Tool definition drift / baseline diff

Transport support

• stdio: supported and tested
• Streamable HTTP: supported and integration-tested locally
• SSE: wired through the MCP SDK where available, but not integration-tested yet

Privacy model

mcpscan is local-first.

It does not upload source code, prompts, secrets, or raw MCP responses. Findings use redacted/actionable evidence and set payload_stored=false.

Verification

Release hygiene completed with:

• ruff format
• ruff check
• pytest
• python -m mcpscan --help
• python -m mcpscan list-checks
• benign stdio fixture scan
• malicious stdio fixture scan
• local Streamable HTTP fixture scan
• JSON smoke contract validating payload_stored=false