Trust analysis for MCP servers and AI agents.
Nullsec analyzes MCP servers for dangerous tools, permission risks, prompt injection surfaces, and agent trust metadata. Every scan produces a Trust Score, a capability manifest, and a machine-readable NSIP manifest — the first open standard for agent trust.

```bash
npx nullsec-mcp https://github.com/org/your-mcp-server
```

Output:

```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Nullsec MCP Trust Score: 82/100
Grade: B-
Risk Level: low
Dangerous Tools: 0
Filesystem Access: Yes
Shell Execution: No
Wallet Access: No
Network Egress: Yes
Database Access: No
Credential Access: No
Prompt Injection Risk: low
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
```

| Module | Description |
|---|---|
| Tool Inventory | Discovers all registered tools, classifies capabilities (filesystem, shell, network, database, wallet, credentials) |
| Dangerous Capabilities | Flags tools with unguarded dangerous operations; distinguishes mitigated vs unguarded |
| Permission Analysis | Maps credential surface from env vars, README docs, and source code |
| Injection Surface | AI-powered detection of confused-deputy attacks, unsanitized outputs, and tool-chaining risks |
| Input Validation | Static analysis for path traversal, SQL injection, command injection, SSRF, eval |
| Network Egress | Identifies outbound domains and dynamic URL fetching (SSRF risk) |
| Trust Scoring | Deterministic 0–100 score with grade, risk level, and capability breakdown |

```bash
npm install -g nullsec-mcp
```

```bash
# Full scan with AI analysis
export ANTHROPIC_API_KEY=sk-ant-...
nullsec-mcp https://github.com/modelcontextprotocol/servers

# Skip AI analysis (faster, no API key needed)
nullsec-mcp https://github.com/org/server --no-ai

# JSON output (for CI/CD pipelines)
nullsec-mcp https://github.com/org/server --json

# Generate NSIP manifest
nullsec-mcp https://github.com/org/server --nsip

# Private repos
export GITHUB_TOKEN=ghp_...
nullsec-mcp https://github.com/private-org/server

# Custom size limit
nullsec-mcp https://github.com/org/large-server --max-size 500
```

Every scan can output a draft NSIP manifest — a machine-readable trust document for MCP servers:

```bash
nullsec-mcp https://github.com/org/server --nsip
```

Generates `nsip.json`:

```json
{
  "schema": "nsip/v0.1",
  "name": "example-mcp-server",
  "trust_score": 82,
  "grade": "B-",
  "capabilities": {
    "filesystem": true,
    "shell_execution": false,
    "wallet_transactions": false,
    "network_egress": true,
    "database": false,
    "credential_access": false
  },
  "tools": {
    "total": 5,
    "dangerous": 0,
    "names": ["read_file", "list_files", "search", "fetch_url", "summarize"]
  },
  "risk_level": "low",
  "prompt_injection_risk": "minimal",
  "external_domains": ["api.example.com"],
  "credential_surface": ["API_TOKEN"],
  "verified_by": "nullsec",
  "verified_at": "2025-01-15T10:30:00.000Z"
}
```

Use this to build trust registries, block dangerous servers in agent orchestrators, or show trust badges in marketplaces.

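
One way an agent orchestrator could act on such a manifest, as an added example that is not part of nullsec-mcp or its API: a fail-closed admission check that treats the manifest as untrusted input. The policy object and the function names are hypothetical; the field names are taken from the sample `nsip.json`.

```javascript
// Added example: fail-closed admission check over an NSIP manifest (untrusted input).
// Field names follow the sample nsip.json on this page; the policy shape is hypothetical.
const samplePolicy = {
  minScore: 80,
  deniedCapabilities: ['shell_execution', 'wallet_transactions', 'credential_access'],
  allowedDomains: ['api.example.com'],
};

// Constructed manifest, trimmed to the fields the check reads.
const sampleManifest = {
  schema: 'nsip/v0.1',
  trust_score: 82,
  capabilities: { filesystem: true, shell_execution: false, wallet_transactions: false,
    network_egress: true, database: false, credential_access: false },
  tools: { total: 5, dangerous: 0 },
  external_domains: ['api.example.com'],
};

const asObject = (v) => (v !== null && typeof v === 'object' ? v : {});

function evaluateNsip(manifest, policy) {
  const reasons = [];
  const m = asObject(manifest);
  if (m.schema !== 'nsip/v0.1') reasons.push(`unsupported schema: ${String(m.schema)}`);

  // Type- and range-check the score so "100" or 9999 cannot pass the comparison.
  const score = m.trust_score;
  if (!Number.isInteger(score) || score < 0 || score > 100) {
    reasons.push('trust_score missing or not an integer in 0..100');
  } else if (score < policy.minScore) {
    reasons.push(`trust_score ${score} below minimum ${policy.minScore}`);
  }

  // A denied capability is ruled out only by an explicit `false`; a missing key fails.
  const caps = asObject(m.capabilities);
  for (const cap of policy.deniedCapabilities) {
    if (caps[cap] !== false) reasons.push(`capability not ruled out: ${cap}`);
  }
  if (asObject(m.tools).dangerous !== 0) reasons.push('dangerous tools present or count missing');
  // Every declared egress domain must be allowlisted; a missing list fails the check.
  const allowed = new Set(policy.allowedDomains.map((d) => d.toLowerCase()));
  const domains = Array.isArray(m.external_domains) ? m.external_domains : [null];
  for (const d of domains) {
    if (typeof d !== 'string' || !allowed.has(d.toLowerCase())) {
      reasons.push(`egress domain not allowlisted: ${String(d)}`);
    }
  }
  return { allowed: reasons.length === 0, reasons };
}
```

The check only reads what the manifest declares, so it is as trustworthy as the party that produced and delivered the file.
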
| Code | Meaning |
|---|---|
| 0 | Trust Score ≥ 80 (low/minimal risk) |
| 1 | Trust Score 40–79 (medium/high risk) |
| 2 | Trust Score < 40 (critical risk) |

```javascript
import { fetchRepo, isMCPServer, runMCPScan, computeTrustScore, generateNSIP } from 'nullsec-mcp';

// Fetch the repository to a local path
const repo = await fetchRepo('https://github.com/org/mcp-server');

// Only scan repositories that are detected as MCP servers
if (await isMCPServer(repo.path)) {
  const result = await runMCPScan({
    repoPath: repo.path,
    // Progress callback: log each scan event as it is emitted
    emit: async (event) => console.log(event.event, event.detail),
  });

  const trust = computeTrustScore(result);
  console.log(`Score: ${trust.score}/100 (${trust.grade})`);

  const nsip = generateNSIP(result);
  console.log(JSON.stringify(nsip, null, 2));
}

// Clean up the fetched repository
await repo.cleanup();
```

| Variable | Required | Description |
|---|---|---|
| `ANTHROPIC_API_KEY` | For AI analysis | Enables injection surface detection via Claude |
| `GITHUB_TOKEN` | For private repos | Also increases GitHub API rate limits |

```bash
git clone https://github.com/trynullsec/nullsec
cd nullsec
npm install
npm test
npm run dev -- https://github.com/some/mcp-server
```

License: MIT