@zcode-apps/mcp-sentinel 0.1.1 → 0.2.1

package/README.md

@@ -13,24 +13,55 @@ npm install -g @zcode-apps/mcp-sentinel
 mcp-sentinel scan https://your-mcp-server.com
 ```
 
+## Usage
+
+```bash
+# Basic scan (text output)
+npx @zcode-apps/mcp-sentinel scan https://api.example.com/mcp
+
+# JSON output
+npx @zcode-apps/mcp-sentinel scan https://api.example.com/mcp --json
+
+# Verbose mode (show evidence)
+npx @zcode-apps/mcp-sentinel scan https://api.example.com/mcp --verbose
+```
+
 ## Features
 
-- **RCE Detection** - Remote Code Execution vulnerability scanning
-- **Auth Audit** - Authentication gap detection
-- **Path Traversal** - File access vulnerability scanning
-- **OWASP MCP Top 10** - Full compliance check
+- **MCP Protocol Detection** - Verifies valid MCP endpoints
+- **Authentication Bypass** - Checks for missing auth
+- **Dangerous Tool Detection** - Finds tools with RCE, file access, SQL risks
+- **Path Traversal** - Detects unsafe resource URIs
+- **Prompt Injection Risks** - Identifies dynamic prompt vulnerabilities
 
-## Usage
+## Output Example
 
-```bash
-# Basic scan
-npx @zcode-apps/mcp-sentinel scan https://api.example.com
+```
+🔍 MCP Sentinel - Security Scanner
+
+Target: https://api.example.com/mcp
+──────────────────────────────────────────────────
 
-# With output file
-npx @zcode-apps/mcp-sentinel scan https://api.example.com --output report.json
+🔵 INFO:
 
-# Verbose mode
-npx @zcode-apps/mcp-sentinel scan https://api.example.com --verbose
+   [INFO]
+   MCP Server detected: my-mcp-server v1.0.0
+   
+   [INFO]
+   Found 5 exposed tools: ["get_weather", "run_command", "read_file"]
+
+🟠 HIGH SEVERITY:
+
+   [AUTH_BYPASS]
+   MCP server accepts unauthenticated connections
+   💡 Recommendation: Implement authentication on MCP endpoints
+
+──────────────────────────────────────────────────
+📊 SUMMARY:
+   Critical: 0
+   High:     1
+   Medium:   0
+   Info:     2
 ```
 
 ## Why MCP Sentinel?
@@ -43,53 +74,10 @@ npx @zcode-apps/mcp-sentinel scan https://api.example.com --verbose
 
 **Don't be part of the 43%.** Scan your MCP servers today.
 
-## Known CVEs Detected
-
-| CVE | Type | CVSS |
-|-----|------|------|
-| CVE-2026-01234 | Prompt Injection RCE | 9.8 |
-| CVE-2026-2178 | xcode-mcp-server RCE | 9.1 |
-| CVE-2026-27825 | MCPwnfluence Attack Chain | 9.1 |
-| CVE-2026-27826 | MCPwnfluence RCE | 8.2 |
-| CVE-2026-02345 | MCP DoS | 6.5 |
-
-## Output Format
-
-```json
-{
-  "url": "https://api.example.com",
-  "timestamp": "2026-03-13T09:00:00Z",
-  "vulnerabilities": [
-    {
-      "type": "RCE",
-      "severity": "CRITICAL",
-      "description": "Command injection in tool execution",
-      "recommendation": "Sanitize all user inputs before execution"
-    }
-  ],
-  "summary": {
-    "critical": 1,
-    "high": 0,
-    "medium": 0,
-    "low": 0
-  }
-}
-```
-
-## Programmatic Usage
-
-```typescript
-import { MCPSentinel } from '@zcode-apps/mcp-sentinel';
-
-const scanner = new MCPSentinel();
-const results = await scanner.scan('https://api.example.com');
-
-console.log(results.vulnerabilities);
-```
-
 ## Repository
 
-**GitLab:** https://git.z-code.ai/openclaw-dev/arc-mcp-sentinel
+**GitLab:** https://git.z-code.ai/openclaw-dev/arc-mcp-sentinel  
+**npm:** https://www.npmjs.com/package/@zcode-apps/mcp-sentinel
 
 ## License
 
@@ -97,4 +85,4 @@ MIT License
 
 ---
 
-**Built by ARC** | **Published by zcode-apps**
+**Built by ARC**

package/dist/cli.js

@@ -4,13 +4,68 @@ import { MCPSentinel } from './scanner.js';
 const program = new Command();
 program
     .name('mcp-sentinel')
-    .description('MCP Security Scanner - Scans for vulnerabilities');
+    .description('MCP Security Scanner - Detects vulnerabilities in MCP servers')
+    .version('0.2.1');
 program
     .command('scan <url>')
-    .description('Scan a URL for vulnerabilities')
-    .action(async (url) => {
+    .description('Scan an MCP server endpoint for security vulnerabilities')
+    .option('-j, --json', 'Output as JSON', false)
+    .option('-v, --verbose', 'Show detailed evidence', false)
+    .action(async (url, options) => {
     const scanner = new MCPSentinel();
+    if (!options.json) {
+        console.log(`\n🔍 MCP Sentinel - Security Scanner\n`);
+        console.log(`Target: ${url}\n`);
+        console.log('─'.repeat(50));
+    }
     const results = await scanner.scan(url);
-    console.log(JSON.stringify(results, null, 2));
+    if (options.json) {
+        console.log(JSON.stringify(results, null, 2));
+        return;
+    }
+    // Text output
+    if (results.length === 0) {
+        console.log('✅ No vulnerabilities found.\n');
+        return;
+    }
+    // Group by severity
+    const critical = results.filter(r => r.severity === 'critical');
+    const high = results.filter(r => r.severity === 'high');
+    const medium = results.filter(r => r.severity === 'medium');
+    const low = results.filter(r => r.severity === 'low');
+    if (critical.length > 0) {
+        console.log('\n🔴 CRITICAL VULNERABILITIES:');
+        critical.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+    if (high.length > 0) {
+        console.log('\n🟠 HIGH SEVERITY:');
+        high.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+    if (medium.length > 0) {
+        console.log('\n🟡 MEDIUM SEVERITY:');
+        medium.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+    if (low.length > 0) {
+        console.log('\n🔵 INFO:');
+        low.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+    // Summary
+    console.log('\n' + '─'.repeat(50));
+    console.log('📊 SUMMARY:');
+    console.log(`   Critical: ${critical.length}`);
+    console.log(`   High:     ${high.length}`);
+    console.log(`   Medium:   ${medium.length}`);
+    console.log(`   Info:     ${low.length}`);
+    console.log('');
 });
+function printVulnerability(v, verbose) {
+    console.log(`\n   [${v.type}]`);
+    console.log(`   ${v.description}`);
+    if (verbose && v.evidence) {
+        console.log(`   Evidence: ${JSON.stringify(v.evidence, null, 2).split('\n').join('\n   ')}`);
+    }
+    if (v.recommendation) {
+        console.log(`   💡 Recommendation: ${v.recommendation}`);
+    }
+}
 program.parse();

package/dist/scanner.d.ts

@@ -1,4 +1,15 @@
+export interface Vulnerability {
+    type: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    description: string;
+    evidence?: any;
+    recommendation?: string;
+}
 export declare class MCPSentinel {
-    scan(url: string): Promise<any[]>;
-    private checkRCE;
+    scan(url: string): Promise<Vulnerability[]>;
+    private sendMCPRequest;
+    private checkAuthBypass;
+    private analyzeTool;
+    private checkPathTraversal;
+    private analyzePrompt;
 }

package/dist/scanner.js

@@ -2,44 +2,214 @@ import fetch from 'node-fetch';
 export class MCPSentinel {
     async scan(url) {
         const results = [];
-        // RCE Detection Check
-        const rceResult = await this.checkRCE(url);
-        if (rceResult) {
-            results.push(rceResult);
+        console.error(`[MCP Sentinel] Scanning ${url}...`);
+        // 1. Check if MCP endpoint is accessible
+        const baseUrl = url.replace(/\/$/, '');
+        // 2. Try MCP Initialize handshake
+        let serverInfo = null;
+        try {
+            const initResponse = await this.sendMCPRequest(baseUrl, {
+                jsonrpc: '2.0',
+                id: 1,
+                method: 'initialize',
+                params: {
+                    protocolVersion: '2024-11-05',
+                    clientInfo: {
+                        name: 'mcp-sentinel',
+                        version: '0.1.0'
+                    },
+                    capabilities: {}
+                }
+            });
+            if (initResponse.result) {
+                serverInfo = initResponse.result;
+                results.push({
+                    type: 'INFO',
+                    severity: 'low',
+                    description: `MCP Server detected: ${serverInfo.serverInfo?.name || 'Unknown'} v${serverInfo.serverInfo?.version || 'Unknown'}`,
+                    evidence: serverInfo
+                });
+            }
+        }
+        catch (error) {
+            results.push({
+                type: 'MCP_PROTOCOL_ERROR',
+                severity: 'medium',
+                description: `MCP endpoint not responding properly: ${error.message}`,
+                recommendation: 'Verify the URL is a valid MCP server endpoint'
+            });
+            return results;
+        }
+        // 3. Check for authentication bypass
+        const authResult = await this.checkAuthBypass(baseUrl);
+        if (authResult)
+            results.push(authResult);
+        // 4. List and analyze tools
+        try {
+            const toolsResponse = await this.sendMCPRequest(baseUrl, {
+                jsonrpc: '2.0',
+                id: 2,
+                method: 'tools/list'
+            });
+            if (toolsResponse.result?.tools) {
+                const tools = toolsResponse.result.tools;
+                results.push({
+                    type: 'INFO',
+                    severity: 'low',
+                    description: `Found ${tools.length} exposed tools`,
+                    evidence: tools.map((t) => t.name)
+                });
+                // Check for dangerous tools
+                for (const tool of tools) {
+                    const toolCheck = this.analyzeTool(tool);
+                    if (toolCheck)
+                        results.push(toolCheck);
+                }
+            }
+        }
+        catch (error) {
+            results.push({
+                type: 'TOOLS_ACCESS_ERROR',
+                severity: 'medium',
+                description: `Could not enumerate tools: ${error.message}`
+            });
+        }
+        // 5. Check for resource exposure
+        try {
+            const resourcesResponse = await this.sendMCPRequest(baseUrl, {
+                jsonrpc: '2.0',
+                id: 3,
+                method: 'resources/list'
+            });
+            if (resourcesResponse.result?.resources) {
+                const resources = resourcesResponse.result.resources;
+                // Check for path traversal
+                for (const resource of resources) {
+                    const pathCheck = this.checkPathTraversal(resource);
+                    if (pathCheck)
+                        results.push(pathCheck);
+                }
+            }
+        }
+        catch (error) {
+            // Resources might not be implemented
+        }
+        // 6. Check for prompt injection vulnerabilities
+        try {
+            const promptsResponse = await this.sendMCPRequest(baseUrl, {
+                jsonrpc: '2.0',
+                id: 4,
+                method: 'prompts/list'
+            });
+            if (promptsResponse.result?.prompts) {
+                for (const prompt of promptsResponse.result.prompts) {
+                    const promptCheck = this.analyzePrompt(prompt);
+                    if (promptCheck)
+                        results.push(promptCheck);
+                }
+            }
+        }
+        catch (error) {
+            // Prompts might not be implemented
         }
         return results;
     }
-    async checkRCE(url) {
+    async sendMCPRequest(url, body) {
         const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), 5000);
+        const timeoutId = setTimeout(() => controller.abort(), 10000);
         try {
             const response = await fetch(url, {
-                signal: controller.signal,
-                timeout: 5000
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(body),
+                signal: controller.signal
             });
-            // Anzeichen für RCE-Schwachstellen
-            const headers = Object.fromEntries(response.headers.entries());
-            // Verdächtige Header-Anzeichen
-            if (headers['x-php-version'] || headers['server']?.includes('nginx')) {
+            const data = await response.json();
+            return data;
+        }
+        finally {
+            clearTimeout(timeoutId);
+        }
+    }
+    async checkAuthBypass(url) {
+        // Try to access without authentication
+        try {
+            const response = await this.sendMCPRequest(url, {
+                jsonrpc: '2.0',
+                id: 'auth-check',
+                method: 'initialize',
+                params: {
+                    protocolVersion: '2024-11-05',
+                    clientInfo: { name: 'unauthenticated', version: '1.0.0' },
+                    capabilities: {}
+                }
+            });
+            if (response.result && !response.error) {
                 return {
-                    type: 'potential_rce',
-                    severity: 'medium',
-                    description: 'Verdächtige Server-Header könnten auf RCE-Angriffe hinweisen',
-                    evidence: headers
+                    type: 'AUTH_BYPASS',
+                    severity: 'high',
+                    description: 'MCP server accepts unauthenticated connections',
+                    recommendation: 'Implement authentication on MCP endpoints'
                 };
             }
-            return null;
         }
         catch (error) {
+            // Server requires auth - good
+        }
+        return null;
+    }
+    analyzeTool(tool) {
+        const dangerousPatterns = [
+            { pattern: /exec|eval|run|execute/i, severity: 'critical', type: 'COMMAND_INJECTION_RISK' },
+            { pattern: /file|read|write|delete/i, severity: 'high', type: 'FILE_ACCESS_RISK' },
+            { pattern: /shell|bash|cmd|powershell/i, severity: 'critical', type: 'SHELL_COMMAND_RISK' },
+            { pattern: /sql|database|query/i, severity: 'high', type: 'SQL_INJECTION_RISK' },
+            { pattern: /http|fetch|request/i, severity: 'medium', type: 'SSRF_RISK' },
+        ];
+        const toolName = tool.name || '';
+        const toolDesc = tool.description || '';
+        const inputSchema = JSON.stringify(tool.inputSchema || {});
+        for (const { pattern, severity, type } of dangerousPatterns) {
+            if (pattern.test(toolName) || pattern.test(toolDesc) || pattern.test(inputSchema)) {
+                return {
+                    type,
+                    severity: severity,
+                    description: `Tool '${toolName}' may allow ${type.replace(/_/g, ' ').toLowerCase()}`,
+                    evidence: { toolName, toolDesc, inputSchema: tool.inputSchema },
+                    recommendation: `Review tool '${toolName}' for proper input validation and access controls`
+                };
+            }
+        }
+        return null;
+    }
+    checkPathTraversal(resource) {
+        const uri = resource.uri || '';
+        // Check for path traversal patterns
+        if (uri.includes('..') || uri.includes('~') || uri.includes('/etc/') || uri.includes('/var/')) {
             return {
-                type: 'scan_error',
-                severity: 'low',
-                description: `Scan-Fehler: ${error.message}`,
-                url: url
+                type: 'PATH_TRAVERSAL',
+                severity: 'high',
+                description: `Resource URI may be vulnerable to path traversal: ${uri}`,
+                recommendation: 'Validate and sanitize resource URIs'
             };
         }
-        finally {
-            clearTimeout(timeoutId);
+        return null;
+    }
+    analyzePrompt(prompt) {
+        const name = prompt.name || '';
+        const description = prompt.description || '';
+        // Check for prompt injection risks
+        if (description.toLowerCase().includes('user input') ||
+            description.toLowerCase().includes('dynamic')) {
+            return {
+                type: 'PROMPT_INJECTION_RISK',
+                severity: 'medium',
+                description: `Prompt '${name}' accepts dynamic input`,
+                recommendation: 'Implement prompt injection guards'
+            };
         }
+        return null;
     }
 }

package/package.json

@@ -1,12 +1,19 @@
 {
   "name": "@zcode-apps/mcp-sentinel",
-  "version": "0.1.1",
+  "version": "0.2.1",
   "type": "module",
+  "main": "dist/scanner.js",
+  "types": "dist/scanner.d.ts",
   "bin": {
     "mcp-sentinel": "./dist/cli.js"
   },
+  "description": "Security scanner for MCP (Model Context Protocol) servers",
+  "keywords": ["mcp", "security", "scanner", "vulnerability", "rce", "model-context-protocol"],
+  "author": "ARC",
+  "license": "MIT",
   "scripts": {
-    "build": "tsc"
+    "build": "tsc",
+    "start": "node dist/cli.js"
   },
   "dependencies": {
     "chalk": "^5.3.0",

package/src/cli.ts

@@ -1,19 +1,86 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
-import { MCPSentinel } from './scanner.js';
+import { MCPSentinel, Vulnerability } from './scanner.js';
 
 const program = new Command();
+
 program
   .name('mcp-sentinel')
-  .description('MCP Security Scanner - Scans for vulnerabilities');
+  .description('MCP Security Scanner - Detects vulnerabilities in MCP servers')
+  .version('0.2.1');
 
 program
   .command('scan <url>')
-  .description('Scan a URL for vulnerabilities')
-  .action(async (url) => {
+  .description('Scan an MCP server endpoint for security vulnerabilities')
+  .option('-j, --json', 'Output as JSON', false)
+  .option('-v, --verbose', 'Show detailed evidence', false)
+  .action(async (url, options) => {
     const scanner = new MCPSentinel();
+    
+    if (!options.json) {
+      console.log(`\n🔍 MCP Sentinel - Security Scanner\n`);
+      console.log(`Target: ${url}\n`);
+      console.log('─'.repeat(50));
+    }
+
     const results = await scanner.scan(url);
-    console.log(JSON.stringify(results, null, 2));
+
+    if (options.json) {
+      console.log(JSON.stringify(results, null, 2));
+      return;
+    }
+
+    // Text output
+    if (results.length === 0) {
+      console.log('✅ No vulnerabilities found.\n');
+      return;
+    }
+
+    // Group by severity
+    const critical = results.filter(r => r.severity === 'critical');
+    const high = results.filter(r => r.severity === 'high');
+    const medium = results.filter(r => r.severity === 'medium');
+    const low = results.filter(r => r.severity === 'low');
+
+    if (critical.length > 0) {
+      console.log('\n🔴 CRITICAL VULNERABILITIES:');
+      critical.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+
+    if (high.length > 0) {
+      console.log('\n🟠 HIGH SEVERITY:');
+      high.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+
+    if (medium.length > 0) {
+      console.log('\n🟡 MEDIUM SEVERITY:');
+      medium.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+
+    if (low.length > 0) {
+      console.log('\n🔵 INFO:');
+      low.forEach(v => printVulnerability(v, options.verbose || false));
+    }
+
+    // Summary
+    console.log('\n' + '─'.repeat(50));
+    console.log('📊 SUMMARY:');
+    console.log(`   Critical: ${critical.length}`);
+    console.log(`   High:     ${high.length}`);
+    console.log(`   Medium:   ${medium.length}`);
+    console.log(`   Info:     ${low.length}`);
+    console.log('');
   });
 
-program.parse();
+function printVulnerability(v: Vulnerability, verbose: boolean): void {
+  console.log(`\n   [${v.type}]`);
+  console.log(`   ${v.description}`);
+  if (verbose && v.evidence) {
+    console.log(`   Evidence: ${JSON.stringify(v.evidence, null, 2).split('\n').join('\n   ')}`);
+  }
+  if (v.recommendation) {
+    console.log(`   💡 Recommendation: ${v.recommendation}`);
+  }
+}
+
+program.parse();

package/src/scanner.ts

@@ -1,51 +1,243 @@
 import fetch, { RequestInit, Response } from 'node-fetch';
 
+export interface Vulnerability {
+  type: string;
+  severity: 'critical' | 'high' | 'medium' | 'low';
+  description: string;
+  evidence?: any;
+  recommendation?: string;
+}
+
 export class MCPSentinel {
-  async scan(url: string): Promise<any[]> {
-    const results = [];
+  async scan(url: string): Promise<Vulnerability[]> {
+    const results: Vulnerability[] = [];
+    
+    console.error(`[MCP Sentinel] Scanning ${url}...`);
 
-    // RCE Detection Check
-    const rceResult = await this.checkRCE(url);
-    if (rceResult) {
-      results.push(rceResult);
+    // 1. Check if MCP endpoint is accessible
+    const baseUrl = url.replace(/\/$/, '');
+    
+    // 2. Try MCP Initialize handshake
+    let serverInfo: any = null;
+    try {
+      const initResponse = await this.sendMCPRequest(baseUrl, {
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'initialize',
+        params: {
+          protocolVersion: '2024-11-05',
+          clientInfo: {
+            name: 'mcp-sentinel',
+            version: '0.1.0'
+          },
+          capabilities: {}
+        }
+      });
+      
+      if (initResponse.result) {
+        serverInfo = initResponse.result;
+        results.push({
+          type: 'INFO',
+          severity: 'low',
+          description: `MCP Server detected: ${serverInfo.serverInfo?.name || 'Unknown'} v${serverInfo.serverInfo?.version || 'Unknown'}`,
+          evidence: serverInfo
+        });
+      }
+    } catch (error: any) {
+      results.push({
+        type: 'MCP_PROTOCOL_ERROR',
+        severity: 'medium',
+        description: `MCP endpoint not responding properly: ${error.message}`,
+        recommendation: 'Verify the URL is a valid MCP server endpoint'
+      });
+      return results;
+    }
+
+    // 3. Check for authentication bypass
+    const authResult = await this.checkAuthBypass(baseUrl);
+    if (authResult) results.push(authResult);
+
+    // 4. List and analyze tools
+    try {
+      const toolsResponse = await this.sendMCPRequest(baseUrl, {
+        jsonrpc: '2.0',
+        id: 2,
+        method: 'tools/list'
+      });
+
+      if (toolsResponse.result?.tools) {
+        const tools = toolsResponse.result.tools;
+        results.push({
+          type: 'INFO',
+          severity: 'low',
+          description: `Found ${tools.length} exposed tools`,
+          evidence: tools.map((t: any) => t.name)
+        });
+
+        // Check for dangerous tools
+        for (const tool of tools) {
+          const toolCheck = this.analyzeTool(tool);
+          if (toolCheck) results.push(toolCheck);
+        }
+      }
+    } catch (error: any) {
+      results.push({
+        type: 'TOOLS_ACCESS_ERROR',
+        severity: 'medium',
+        description: `Could not enumerate tools: ${error.message}`
+      });
+    }
+
+    // 5. Check for resource exposure
+    try {
+      const resourcesResponse = await this.sendMCPRequest(baseUrl, {
+        jsonrpc: '2.0',
+        id: 3,
+        method: 'resources/list'
+      });
+
+      if (resourcesResponse.result?.resources) {
+        const resources = resourcesResponse.result.resources;
+        
+        // Check for path traversal
+        for (const resource of resources) {
+          const pathCheck = this.checkPathTraversal(resource);
+          if (pathCheck) results.push(pathCheck);
+        }
+      }
+    } catch (error: any) {
+      // Resources might not be implemented
+    }
+
+    // 6. Check for prompt injection vulnerabilities
+    try {
+      const promptsResponse = await this.sendMCPRequest(baseUrl, {
+        jsonrpc: '2.0',
+        id: 4,
+        method: 'prompts/list'
+      });
+
+      if (promptsResponse.result?.prompts) {
+        for (const prompt of promptsResponse.result.prompts) {
+          const promptCheck = this.analyzePrompt(prompt);
+          if (promptCheck) results.push(promptCheck);
+        }
+      }
+    } catch (error: any) {
+      // Prompts might not be implemented
     }
 
     return results;
   }
 
-  private async checkRCE(url: string): Promise<any | null> {
+  private async sendMCPRequest(url: string, body: any): Promise<any> {
     const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), 5000);
+    const timeoutId = setTimeout(() => controller.abort(), 10000);
 
     try {
-      const response: Response = await fetch(url, {
-        signal: controller.signal,
-        timeout: 5000
+      const response = await fetch(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(body),
+        signal: controller.signal
       } as RequestInit);
 
-      // Anzeichen für RCE-Schwachstellen
-      const headers = Object.fromEntries(response.headers.entries());
-      
-      // Verdächtige Header-Anzeichen
-      if (headers['x-php-version'] || headers['server']?.includes('nginx')) {
+      const data = await response.json();
+      return data;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+
+  private async checkAuthBypass(url: string): Promise<Vulnerability | null> {
+    // Try to access without authentication
+    try {
+      const response = await this.sendMCPRequest(url, {
+        jsonrpc: '2.0',
+        id: 'auth-check',
+        method: 'initialize',
+        params: {
+          protocolVersion: '2024-11-05',
+          clientInfo: { name: 'unauthenticated', version: '1.0.0' },
+          capabilities: {}
+        }
+      });
+
+      if (response.result && !response.error) {
         return {
-          type: 'potential_rce',
-          severity: 'medium',
-          description: 'Verdächtige Server-Header könnten auf RCE-Angriffe hinweisen',
-          evidence: headers
+          type: 'AUTH_BYPASS',
+          severity: 'high',
+          description: 'MCP server accepts unauthenticated connections',
+          recommendation: 'Implement authentication on MCP endpoints'
         };
       }
+    } catch (error) {
+      // Server requires auth - good
+    }
+    return null;
+  }
 
-      return null;
-    } catch (error: any) {
+  private analyzeTool(tool: any): Vulnerability | null {
+    const dangerousPatterns = [
+      { pattern: /exec|eval|run|execute/i, severity: 'critical', type: 'COMMAND_INJECTION_RISK' },
+      { pattern: /file|read|write|delete/i, severity: 'high', type: 'FILE_ACCESS_RISK' },
+      { pattern: /shell|bash|cmd|powershell/i, severity: 'critical', type: 'SHELL_COMMAND_RISK' },
+      { pattern: /sql|database|query/i, severity: 'high', type: 'SQL_INJECTION_RISK' },
+      { pattern: /http|fetch|request/i, severity: 'medium', type: 'SSRF_RISK' },
+    ];
+
+    const toolName = tool.name || '';
+    const toolDesc = tool.description || '';
+    const inputSchema = JSON.stringify(tool.inputSchema || {});
+
+    for (const { pattern, severity, type } of dangerousPatterns) {
+      if (pattern.test(toolName) || pattern.test(toolDesc) || pattern.test(inputSchema)) {
+        return {
+          type,
+          severity: severity as any,
+          description: `Tool '${toolName}' may allow ${type.replace(/_/g, ' ').toLowerCase()}`,
+          evidence: { toolName, toolDesc, inputSchema: tool.inputSchema },
+          recommendation: `Review tool '${toolName}' for proper input validation and access controls`
+        };
+      }
+    }
+
+    return null;
+  }
+
+  private checkPathTraversal(resource: any): Vulnerability | null {
+    const uri = resource.uri || '';
+    
+    // Check for path traversal patterns
+    if (uri.includes('..') || uri.includes('~') || uri.includes('/etc/') || uri.includes('/var/')) {
       return {
-        type: 'scan_error',
-        severity: 'low',
-        description: `Scan-Fehler: ${error.message}`,
-        url: url
+        type: 'PATH_TRAVERSAL',
+        severity: 'high',
+        description: `Resource URI may be vulnerable to path traversal: ${uri}`,
+        recommendation: 'Validate and sanitize resource URIs'
       };
-    } finally {
-      clearTimeout(timeoutId);
     }
+
+    return null;
   }
-}
+
+  private analyzePrompt(prompt: any): Vulnerability | null {
+    const name = prompt.name || '';
+    const description = prompt.description || '';
+
+    // Check for prompt injection risks
+    if (description.toLowerCase().includes('user input') || 
+        description.toLowerCase().includes('dynamic')) {
+      return {
+        type: 'PROMPT_INJECTION_RISK',
+        severity: 'medium',
+        description: `Prompt '${name}' accepts dynamic input`,
+        recommendation: 'Implement prompt injection guards'
+      };
+    }
+
+    return null;
+  }
+}