Scan MCP tools before they scan you.
Grades every tool on security, MCP compliance, and quality. Catches prompt injection, tool poisoning, data exfiltration, and command injection — A+ to F, no ambiguity.
Install
pip install tool-scan
Scan
tool-scan my_tool.json
# Score: 95/100 Grade: A
CI gate
tool-scan --strict --min-score 80 tools/*.json
Features
Security, compliance, and quality in one scan.
Threat detection
Prompt injection, tool poisoning, hidden unicode, command injection, SQL injection, XSS, SSRF, and data exfiltration — all checked automatically.
MCP compliance
Validates against the MCP 2025-11-25 spec: required fields, name format, schema types, annotations, and additionalProperties.
Letter grades
Weighted scoring across security (40%), compliance (35%), and quality (25%). A+ to F with actionable remarks for every deduction.
Plugin system
Extend with custom security rules, compliance checks, and quality validators. Load from directories, entry points, or register programmatically.
SARIF output
SARIF v2.1.0 reports for GitHub Code Scanning, Azure DevOps, and VS Code. Security findings appear as inline annotations on PRs.
Concurrent scanning
Parallel file processing with --jobs N. Compact JSON (~50% smaller) and streaming mode for large batches.
Usage
CLI
# Scan a tool definition
tool-scan my_tool.json
# Strict mode for CI gates
tool-scan --strict --min-score 80 \
tools/*.json
# JSON output for automation
tool-scan --json my_tool.json \
> report.json
Python API
from tool_scan import grade_tool

tool = {
    "name": "get_weather",
    "description": "Gets weather.",
    "inputSchema": {
        "type": "object",
        "properties": {
            "city": {"type": "string"}
        }
    }
}

report = grade_tool(tool)
print(f"{report.grade.letter} ({report.score})")
Threat Detection
What tool-scan catches.
CI/CD Integration
Gate deployments on tool safety.
GitHub Actions
Drop-in workflow step with --strict and --min-score flags. Upload SARIF reports as artifacts.
Pre-commit hooks
Scan tool JSON files on every commit. Block unsafe tools before they reach the repo.
Exit codes
0 = all passed, 1 = failures found, 2 = file errors. Standard Unix conventions for pipeline integration.
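A pipeline step has to act on each of these exit codes, and a gate is only useful if it fails closed. The wrapper below is an added example, not part of tool-scan or its documentation: it blocks when no definition files are found or when the scanner cannot be run. TOOL_SCAN_BIN, MIN_SCORE, the function name and the wrapper's own return code 3 are assumptions of this example.

```shell
#!/bin/sh
# Added example: fail-closed CI gate built on tool-scan's documented exit codes
# (0 = all passed, 1 = failures found, 2 = file errors).
# TOOL_SCAN_BIN and MIN_SCORE are knobs of this wrapper, not tool-scan options.
TOOL_SCAN_BIN="${TOOL_SCAN_BIN:-tool-scan}"
MIN_SCORE="${MIN_SCORE:-80}"

# gate_tools DIR
# Returns 0 only if the scanner ran over at least one *.json file and passed all.
gate_tools() {
    dir=$1
    set --    # reuse "$@" as the file list (POSIX sh has no arrays)
    for f in "$dir"/*.json; do
        # An unmatched glob stays as the literal pattern; -f filters it out,
        # so the scanner never receives "*.json" as a file name.
        if [ -f "$f" ]; then
            set -- "$@" "$f"
        fi
    done

    if [ "$#" -eq 0 ]; then
        # An empty scan must not count as a pass: a renamed or moved tools
        # directory would otherwise disable the gate without anyone noticing.
        echo "gate: no tool definitions in '$dir', blocking" >&2
        return 2
    fi

    scan_rc=0
    "$TOOL_SCAN_BIN" --strict --min-score "$MIN_SCORE" "$@" || scan_rc=$?

    case "$scan_rc" in
        0) echo "gate: $# file(s) passed, min score $MIN_SCORE" >&2
           return 0 ;;
        1) echo "gate: scan reported failures, blocking" >&2
           return 1 ;;
        2) echo "gate: file errors, unreadable input is treated as a failure" >&2
           return 2 ;;
        *) # 126/127 (not executable / not installed) or a crash: never pass.
           echo "gate: scanner exited $scan_rc, blocking" >&2
           return 3 ;;
    esac
}
```

In a pipeline, call `gate_tools tools || exit $?` so the step's status carries the distinction between failed scans, bad input and a broken scanner.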
Quality scorecard
Ship Gate audit — 50/50.