Free Tool — Up to 20 Checks

Scan your MCP servers
for vulnerabilities.
Free.

The most comprehensive free MCP security scanner. Up to 20 checks across authentication, protocol, vulnerability, and hygiene — mapped to the OWASP MCP Top 10. Only checks that produce definitive results are shown.

12 servers scanned

Running security checks…

No signup required · 3 scans per day per IP

What we check

Up to 20 checks across 4 categories, mapped to the OWASP MCP Security Top 10. Only tests that produce definitive PASS/FAIL results are included in your report.

Authentication & Authorization

Authentication required — real MCP initialize probe

MCP manifest required fields (auth, scopes, version, contact)

Protocol Security

Tool enumeration without auth (tools/list)

Tool execution without auth (tools/call)

Scope boundary validation — unknown tool rejection

TLS configuration — HSTS enforcement

Auth token validation — invalid & alg:none JWT rejection

Vulnerability Testing

Prompt injection resistance — 3 payload variants

SSRF via tool parameters — metadata endpoint probe

Input size limits — 100 KB DoS resistance

Rate limiting — header check + 5-request burst

CORS policy — origin reflection test

Output sanitization — XSS prevention in tool responses

Error information leakage — stack trace detection

Schema validation — type confusion & prototype pollution

Security headers — CSP, XFO, XCTO, Referrer-Policy

Hygiene & Hardening

Invocation logging — trace header detection

Dependency disclosure — Server & X-Powered-By headers

Response size limits — context flooding prevention

Multi-tool privilege escalation — per-tool auth

Scan your MCP serversfor vulnerabilities.Free.

What we check

Scan your MCP servers
for vulnerabilities.
Free.