MCP Top 10 Scanner
A free static scan of an MCP (Model Context Protocol) server against the OWASP MCP Top 10. Point it at a public GitHub repo or paste a tool manifest. The scan runs entirely in your browser: a pasted manifest is never uploaded or stored, and in repo mode the only network request is the read-only fetch of the repository's source from the GitHub API.
This is the automated floor, not a verdict. It catches the patterns; it can't judge tool-chaining, confused-deputy privilege, or business-logic flaws. Those need a human — see "What this scan can't see" in your results.
Static analysis of public source only: no cloning, no execution, no active testing against a running server. Repo mode reads files through the public GitHub API, so GitHub's rate limit applies and large repositories may need more than one pass.
No sign-up. Nothing leaves your browser except the GitHub fetch (repo mode).
