Tool
Scan an MCP server
Submit any MCP server URL or GitHub repository. The static checks cover the tool-description-injection patterns documented on the methodology page. Checks 2-4 (tool output literals, dependency CVEs, permission audit) ship next; the report grows with each new check.
Requests join the next scheduled batch. Top-100 catalog servers scan every 14 days, the next 400 every 30 days, the tail every 90 days. Submitted-but-uncataloged servers get prioritized into the next pass. The per-server page lights up when the scan completes; we'll notify you if you leave an email with the request once the endpoint is wired.
The scan endpoint is being wired. While it's pending, contact the team for a manual pass on any server you're evaluating before installation.