🛡️ MCP Security Scanner

Enter your MCP server's GitHub repo URL to get an instant security analysis.

Scan a server

What we check

1. Authentication — Does the server require auth for sensitive tools?
2. Prompt Injection — Are tool descriptions safe from injection?
3. Input Validation — Does it validate inputs before processing?
4. CORS — Is CORS properly configured?
5. OAuth Scopes — Are OAuth scopes minimal?
6. Rate Limiting — Does it have rate limiting?
+ L1.6 Enhanced — Semgrep rules, secret detection, OSV dependency check

Want a deeper audit?

The free scan does L1.5 (metadata checks). For the full 6-layer audit including:

Open an issue: github.com/edgarfloresguerra2011-a11y/marketnow/issues

Already audited servers

Check if a server is already certified: marketnow.site/verify