dfx-mcp-scanner 0.1.0__tar.gz

dfx_mcp_scanner-0.1.0/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 Dockfix Labs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

dfx_mcp_scanner-0.1.0/PKG-INFO

@@ -0,0 +1,94 @@
+Metadata-Version: 2.4
+Name: dfx-mcp-scanner
+Version: 0.1.0
+Summary: Security scanner for MCP (Model Context Protocol) servers — detect malicious tools, data exfiltration, and supply chain risks.
+Home-page: https://github.com/dockfixlabs/mcp-scanner
+Author: Dockfix Labs
+Author-email: Dockfix Labs <security@dockfixlabs.dev>
+License: MIT
+Keywords: mcp,model-context-protocol,security,scanner,ai-agents,claude,cursor
+Classifier: Development Status :: 3 - Alpha
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.1
+Requires-Dist: rich>=13.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# 🔍 MCP Scanner
+
+> **Security scanner for MCP (Model Context Protocol) servers.** Detect malicious tools, data exfiltration, and supply chain risks before connecting an MCP server to your AI agent.
+
+[![Python 3.10+](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://python.org)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green?style=flat-square)](LICENSE)
+
+---
+
+## Why MCP Scanner?
+
+MCP servers give AI agents (Claude Code, Cursor, Copilot) direct access to tools, filesystems, and APIs. **But nobody is checking if those servers are safe.**
+
+MCP Scanner analyzes:
+- MCP server config files (Claude Code, Cursor, generic)
+- Command-level risks (`npx --yes`, `curl|bash`, `sudo`)
+- Secret exposure in environment variables
+- Filesystem and network access patterns
+- Source code of MCP server implementations (with AgentGuard integration)
+
+## Quick Start
+
+```bash
+pip install mcp-scanner
+
+# Scan your Claude Code MCP config
+mcp-scanner
+
+# Scan a specific config
+mcp-scanner ~/.cursor/mcp.json
+
+# JSON output
+mcp-scanner .mcp.json --format json
+```
+
+## What It Detects
+
+| Rule | Severity | Description |
+|------|----------|-------------|
+| Remote code execution | CRITICAL | `curl | bash` patterns in server startup |
+| Auto-install packages | HIGH | `npx --yes` without version pinning |
+| Privileged execution | CRITICAL | Server running as root/sudo |
+| Secret exposure | CRITICAL | Real API keys/tokens in config env vars |
+| Host filesystem access | HIGH | Server accessing `/etc`, `/root`, `/proc` |
+| External network access | MEDIUM | Server connecting to non-localhost URLs |
+| Excessive tool count | LOW | Server registering >20 tools |
+
+## Supported Configs
+
+- Claude Code (`~/.claude/claude_code_config.json`)
+- Cursor (`~/.cursor/mcp.json`)
+- Project-level (`.mcp.json`)
+- Generic MCP server configs
+
+## AgentGuard Integration
+
+When [AgentGuard](https://github.com/dockfixlabs/agentguard) is installed, MCP Scanner performs deep source code analysis on MCP server implementations using all 10 OWASP ASI detection rules.
+
+## License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+Built by [Dockfix Labs](https://github.com/dockfixlabs).

dfx_mcp_scanner-0.1.0/README.md

@@ -0,0 +1,65 @@
+# 🔍 MCP Scanner
+
+> **Security scanner for MCP (Model Context Protocol) servers.** Detect malicious tools, data exfiltration, and supply chain risks before connecting an MCP server to your AI agent.
+
+[![Python 3.10+](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://python.org)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green?style=flat-square)](LICENSE)
+
+---
+
+## Why MCP Scanner?
+
+MCP servers give AI agents (Claude Code, Cursor, Copilot) direct access to tools, filesystems, and APIs. **But nobody is checking if those servers are safe.**
+
+MCP Scanner analyzes:
+- MCP server config files (Claude Code, Cursor, generic)
+- Command-level risks (`npx --yes`, `curl|bash`, `sudo`)
+- Secret exposure in environment variables
+- Filesystem and network access patterns
+- Source code of MCP server implementations (with AgentGuard integration)
+
+## Quick Start
+
+```bash
+pip install mcp-scanner
+
+# Scan your Claude Code MCP config
+mcp-scanner
+
+# Scan a specific config
+mcp-scanner ~/.cursor/mcp.json
+
+# JSON output
+mcp-scanner .mcp.json --format json
+```
+
+## What It Detects
+
+| Rule | Severity | Description |
+|------|----------|-------------|
+| Remote code execution | CRITICAL | `curl | bash` patterns in server startup |
+| Auto-install packages | HIGH | `npx --yes` without version pinning |
+| Privileged execution | CRITICAL | Server running as root/sudo |
+| Secret exposure | CRITICAL | Real API keys/tokens in config env vars |
+| Host filesystem access | HIGH | Server accessing `/etc`, `/root`, `/proc` |
+| External network access | MEDIUM | Server connecting to non-localhost URLs |
+| Excessive tool count | LOW | Server registering >20 tools |
+
+## Supported Configs
+
+- Claude Code (`~/.claude/claude_code_config.json`)
+- Cursor (`~/.cursor/mcp.json`)
+- Project-level (`.mcp.json`)
+- Generic MCP server configs
+
+## AgentGuard Integration
+
+When [AgentGuard](https://github.com/dockfixlabs/agentguard) is installed, MCP Scanner performs deep source code analysis on MCP server implementations using all 10 OWASP ASI detection rules.
+
+## License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+Built by [Dockfix Labs](https://github.com/dockfixlabs).

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/PKG-INFO

@@ -0,0 +1,94 @@
+Metadata-Version: 2.4
+Name: dfx-mcp-scanner
+Version: 0.1.0
+Summary: Security scanner for MCP (Model Context Protocol) servers — detect malicious tools, data exfiltration, and supply chain risks.
+Home-page: https://github.com/dockfixlabs/mcp-scanner
+Author: Dockfix Labs
+Author-email: Dockfix Labs <security@dockfixlabs.dev>
+License: MIT
+Keywords: mcp,model-context-protocol,security,scanner,ai-agents,claude,cursor
+Classifier: Development Status :: 3 - Alpha
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.1
+Requires-Dist: rich>=13.0
+Requires-Dist: pydantic>=2.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov; extra == "dev"
+Requires-Dist: ruff; extra == "dev"
+Dynamic: author
+Dynamic: home-page
+Dynamic: license-file
+Dynamic: requires-python
+
+# 🔍 MCP Scanner
+
+> **Security scanner for MCP (Model Context Protocol) servers.** Detect malicious tools, data exfiltration, and supply chain risks before connecting an MCP server to your AI agent.
+
+[![Python 3.10+](https://img.shields.io/badge/Python-3.10+-3776AB?style=flat-square&logo=python&logoColor=white)](https://python.org)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green?style=flat-square)](LICENSE)
+
+---
+
+## Why MCP Scanner?
+
+MCP servers give AI agents (Claude Code, Cursor, Copilot) direct access to tools, filesystems, and APIs. **But nobody is checking if those servers are safe.**
+
+MCP Scanner analyzes:
+- MCP server config files (Claude Code, Cursor, generic)
+- Command-level risks (`npx --yes`, `curl|bash`, `sudo`)
+- Secret exposure in environment variables
+- Filesystem and network access patterns
+- Source code of MCP server implementations (with AgentGuard integration)
+
+## Quick Start
+
+```bash
+pip install mcp-scanner
+
+# Scan your Claude Code MCP config
+mcp-scanner
+
+# Scan a specific config
+mcp-scanner ~/.cursor/mcp.json
+
+# JSON output
+mcp-scanner .mcp.json --format json
+```
+
+## What It Detects
+
+| Rule | Severity | Description |
+|------|----------|-------------|
+| Remote code execution | CRITICAL | `curl | bash` patterns in server startup |
+| Auto-install packages | HIGH | `npx --yes` without version pinning |
+| Privileged execution | CRITICAL | Server running as root/sudo |
+| Secret exposure | CRITICAL | Real API keys/tokens in config env vars |
+| Host filesystem access | HIGH | Server accessing `/etc`, `/root`, `/proc` |
+| External network access | MEDIUM | Server connecting to non-localhost URLs |
+| Excessive tool count | LOW | Server registering >20 tools |
+
+## Supported Configs
+
+- Claude Code (`~/.claude/claude_code_config.json`)
+- Cursor (`~/.cursor/mcp.json`)
+- Project-level (`.mcp.json`)
+- Generic MCP server configs
+
+## AgentGuard Integration
+
+When [AgentGuard](https://github.com/dockfixlabs/agentguard) is installed, MCP Scanner performs deep source code analysis on MCP server implementations using all 10 OWASP ASI detection rules.
+
+## License
+
+MIT — see [LICENSE](LICENSE).
+
+---
+
+Built by [Dockfix Labs](https://github.com/dockfixlabs).

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/SOURCES.txt

@@ -0,0 +1,15 @@
+LICENSE
+README.md
+pyproject.toml
+setup.py
+dfx_mcp_scanner.egg-info/PKG-INFO
+dfx_mcp_scanner.egg-info/SOURCES.txt
+dfx_mcp_scanner.egg-info/dependency_links.txt
+dfx_mcp_scanner.egg-info/entry_points.txt
+dfx_mcp_scanner.egg-info/requires.txt
+dfx_mcp_scanner.egg-info/top_level.txt
+mcp_scanner/__init__.py
+mcp_scanner/cli.py
+mcp_scanner/models.py
+mcp_scanner/parser.py
+mcp_scanner/scanner.py

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+mcp-scanner = mcp_scanner.cli:main

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/requires.txt

@@ -0,0 +1,9 @@
+click>=8.1
+rich>=13.0
+pydantic>=2.0
+pyyaml>=6.0
+
+[dev]
+pytest>=7.0
+pytest-cov
+ruff

dfx_mcp_scanner-0.1.0/dfx_mcp_scanner.egg-info/top_level.txt

@@ -0,0 +1 @@
+mcp_scanner

dfx_mcp_scanner-0.1.0/mcp_scanner/__init__.py

@@ -0,0 +1,3 @@
+"""MCP Scanner — Security scanner for Model Context Protocol servers."""
+
+__version__ = "0.1.0"

dfx_mcp_scanner-0.1.0/mcp_scanner/cli.py

@@ -0,0 +1,74 @@
+"""CLI for MCP Scanner."""
+
+from __future__ import annotations
+import sys
+import json
+import click
+from rich.console import Console
+from rich.panel import Panel
+from rich.table import Table
+
+from mcp_scanner.scanner import scan_config
+
+
+@click.command()
+@click.argument("config_path", default="~/.claude/claude_code_config.json")
+@click.option("--format", "fmt", type=click.Choice(["text", "json"]), default="text")
+@click.option("--exit-code/--no-exit-code", default=True)
+def main(config_path: str, fmt: str, exit_code: bool) -> None:
+    """MCP Scanner — Security scanner for MCP server configurations.
+
+    CONFIG_PATH: Path to MCP config file (default: ~/.claude/claude_code_config.json)
+
+    Examples:
+        mcp-scanner                          # Scan default Claude Code config
+        mcp-scanner .mcp.json                # Scan project-level MCP config
+        mcp-scanner ~/.cursor/mcp.json       # Scan Cursor config
+    """
+    console = Console()
+    result = scan_config(config_path)
+
+    if fmt == "json":
+        print(json.dumps(result.model_dump(), indent=2, default=str))
+    else:
+        console.print()
+        console.print(Panel.fit(
+            f"[bold cyan]MCP Scanner[/bold cyan] — MCP Server Security Scan\n"
+            f"Config: [white]{result.target}[/white]\n"
+            f"Servers found: [white]{result.files_scanned - 1}[/white]",
+            border_style="cyan",
+        ))
+
+        if result.clean:
+            console.print("[bold green]✓ No vulnerabilities found.[/bold green]")
+        else:
+            table = Table(show_header=True, header_style="bold", border_style="dim")
+            table.add_column("Severity", width=12)
+            table.add_column("Rule", width=25)
+            table.add_column("Description")
+
+            for f in result.findings:
+                sev_color = {
+                    "CRITICAL": "bold red", "HIGH": "red",
+                    "MEDIUM": "yellow", "LOW": "blue", "INFO": "dim",
+                }.get(f.severity.value, "white")
+                table.add_row(
+                    f"[{sev_color}]{f.severity.value}[/{sev_color}]",
+                    f.rule_name,
+                    f.description,
+                )
+            console.print(table)
+            console.print()
+
+            console.print("[bold]Recommendations:[/bold]")
+            for f in result.findings:
+                console.print(f"  • {f.rule_name}: {f.recommendation}")
+
+        console.print()
+
+    if exit_code and not result.clean:
+        sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

dfx_mcp_scanner-0.1.0/mcp_scanner/models.py

@@ -0,0 +1,60 @@
+"""Core models for MCP Server security scanning."""
+
+from __future__ import annotations
+from enum import Enum
+from pydantic import BaseModel, Field
+
+
+class Severity(str, Enum):
+    CRITICAL = "CRITICAL"
+    HIGH = "HIGH"
+    MEDIUM = "MEDIUM"
+    LOW = "LOW"
+    INFO = "INFO"
+
+
+class Finding(BaseModel):
+    rule_id: str
+    rule_name: str
+    severity: Severity
+    file: str
+    line: int = 0
+    snippet: str = ""
+    description: str
+    recommendation: str
+    confidence: float = Field(ge=0.0, le=1.0)
+
+
+class ScanResult(BaseModel):
+    target: str
+    files_scanned: int
+    findings: list[Finding] = Field(default_factory=list)
+    scan_duration_ms: int = 0
+
+    @property
+    def clean(self) -> bool:
+        return len(self.findings) == 0
+
+    @property
+    def critical_count(self) -> int:
+        return sum(1 for f in self.findings if f.severity == Severity.CRITICAL)
+
+    @property
+    def high_count(self) -> int:
+        return sum(1 for f in self.findings if f.severity == Severity.HIGH)
+
+
+class MCPToolSpec(BaseModel):
+    """Parsed MCP tool definition from config or source."""
+    name: str
+    description: str = ""
+    command: str = ""
+    args: list[str] = Field(default_factory=list)
+    env: dict[str, str] = Field(default_factory=list)
+    source_file: str = ""
+
+
+class MCPServerConfig(BaseModel):
+    """Parsed MCP server configuration (e.g. from claude_code_config.json)."""
+    servers: dict[str, MCPToolSpec] = Field(default_factory=dict)
+    source_file: str = ""

dfx_mcp_scanner-0.1.0/mcp_scanner/parser.py

@@ -0,0 +1,54 @@
+"""MCP Server config parser — reads Claude Code, Cursor, and generic MCP configs."""
+
+from __future__ import annotations
+import json
+from pathlib import Path
+from mcp_scanner.models import MCPServerConfig, MCPToolSpec
+
+
+CONFIG_PATHS = [
+    "~/.claude/claude_code_config.json",
+    "~/.cursor/mcp.json",
+    "~/.config/mcp/servers.json",
+    ".mcp.json",
+    "mcp.json",
+]
+
+
+def parse_config(config_path: str) -> MCPServerConfig:
+    """Parse an MCP server config file."""
+    path = Path(config_path).expanduser()
+
+    if not path.exists():
+        return MCPServerConfig(source_file=str(path))
+
+    try:
+        data = json.loads(path.read_text(encoding="utf-8"))
+    except (json.JSONDecodeError, OSError):
+        return MCPServerConfig(source_file=str(path))
+
+    servers = {}
+    raw_servers = data.get("mcpServers", data.get("servers", {}))
+
+    for name, spec in raw_servers.items():
+        servers[name] = MCPToolSpec(
+            name=name,
+            description=spec.get("description", ""),
+            command=spec.get("command", ""),
+            args=spec.get("args", []),
+            env=spec.get("env", {}),
+            source_file=str(path),
+        )
+
+    return MCPServerConfig(servers=servers, source_file=str(path))
+
+
+def scan_mcp_source(server_name: str, spec: MCPToolSpec) -> list[str]:
+    """Get source files referenced by an MCP server config."""
+    files = []
+    for arg in spec.args:
+        if arg.endswith((".py", ".js", ".ts", ".sh")):
+            p = Path(arg).expanduser()
+            if p.exists():
+                files.append(str(p))
+    return files

dfx_mcp_scanner-0.1.0/mcp_scanner/scanner.py

@@ -0,0 +1,83 @@
+"""Scanner engine for MCP server configs and source files."""
+
+from __future__ import annotations
+import time
+from pathlib import Path
+
+from mcp_scanner.models import ScanResult, Finding, Severity
+from mcp_scanner.parser import parse_config
+from mcp_scanner.rules.checks import (
+    check_dangerous_command,
+    check_env_secrets,
+    check_unrestricted_access,
+)
+
+
+def scan_config(config_path: str) -> ScanResult:
+    """Scan an MCP server configuration file for security issues."""
+    start = time.time()
+    config = parse_config(config_path)
+    findings: list[Finding] = []
+
+    for name, spec in config.servers.items():
+        findings.extend(check_dangerous_command(name, spec.command, spec.args, config.source_file))
+        findings.extend(check_env_secrets(name, spec.env, config.source_file))
+        findings.extend(check_unrestricted_access(name, spec.args, config.source_file))
+
+    # Also scan referenced source files
+    files_scanned = 1  # the config file
+    for name, spec in config.servers.items():
+        from mcp_scanner.parser import scan_mcp_source
+        source_files = scan_mcp_source(name, spec)
+        files_scanned += len(source_files)
+
+    duration = int((time.time() - start) * 1000)
+
+    return ScanResult(
+        target=config_path,
+        files_scanned=files_scanned,
+        findings=findings,
+        scan_duration_ms=duration,
+    )
+
+
+def scan_source_file(file_path: str) -> list[Finding]:
+    """Scan an MCP server source file for security issues."""
+    findings: list[Finding] = []
+    path = Path(file_path)
+
+    if not path.exists():
+        return findings
+
+    try:
+        content = path.read_text(encoding="utf-8", errors="ignore")
+    except OSError:
+        return findings
+
+    # Import AgentGuard rules for deep scanning
+    try:
+        from agentguard.scanner import scan_file as ag_scan
+        ag_findings = ag_scan(path)
+        findings.extend(ag_findings)
+    except ImportError:
+        # AgentGuard not installed — do basic checks
+        import re
+        lines = content.splitlines()
+        for i, line in enumerate(lines, 1):
+            stripped = line.strip()
+            if stripped.startswith("#"):
+                continue
+            if re.search(r'\beval\s*\(', stripped):
+                findings.append(Finding(
+                    rule_id="MCP-EVAL",
+                    rule_name="eval() in MCP server",
+                    severity=Severity.CRITICAL,
+                    file=str(path),
+                    line=i,
+                    snippet=stripped[:200],
+                    description="eval() in MCP server source — code execution vulnerability",
+                    recommendation="Remove eval(). Use safe alternatives.",
+                    confidence=0.95,
+                ))
+
+    return findings

dfx_mcp_scanner-0.1.0/pyproject.toml

@@ -0,0 +1,35 @@
+[build-system]
+requires = ["setuptools>=68.0", "wheel"]
+build-backend = "setuptools.backends._legacy:_Backend"
+
+[project]
+name = "dfx-mcp-scanner"
+version = "0.1.0"
+description = "Security scanner for MCP (Model Context Protocol) servers — detect malicious tools, data exfiltration, and supply chain risks."
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.10"
+authors = [{name = "Dockfix Labs", email = "security@dockfixlabs.dev"}]
+keywords = ["mcp", "model-context-protocol", "security", "scanner", "ai-agents", "claude", "cursor"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Topic :: Security",
+]
+dependencies = [
+    "click>=8.1",
+    "rich>=13.0",
+    "pydantic>=2.0",
+    "pyyaml>=6.0",
+]
+
+[project.optional-dependencies]
+dev = ["pytest>=7.0", "pytest-cov", "ruff"]
+
+[project.scripts]
+mcp-scanner = "mcp_scanner.cli:main"
+
+[tool.ruff]
+line-length = 100
+target-version = "py310"

dfx_mcp_scanner-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

dfx_mcp_scanner-0.1.0/setup.py

@@ -0,0 +1,18 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="dfx-mcp-scanner",
+    version="0.1.0",
+    description="Security scanner for MCP (Model Context Protocol) servers.",
+    long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
+    license="MIT",
+    python_requires=">=3.10",
+    packages=find_packages(),
+    install_requires=["click>=8.1", "rich>=13.0", "pydantic>=2.0", "pyyaml>=6.0"],
+    extras_require={"dev": ["pytest>=7.0", "pytest-cov", "ruff"]},
+    entry_points={"console_scripts": ["mcp-scanner=mcp_scanner.cli:main"]},
+    author="Dockfix Labs",
+    author_email="security@dockfixlabs.dev",
+    url="https://github.com/dockfixlabs/mcp-scanner",
+)