Alpha software. Useful for local MCP server review and validation.
mcpscan
Local-first security scanner for MCP servers.
Scan an MCP server before connecting it to an AI agent. mcpscan enumerates exposed tools, resources, prompts, and metadata, then runs deterministic checks without uploading source code, prompts, secrets, or raw MCP responses.
$ mcpscan scan --command '<your MCP server command>'
Server: filesystem
Enumerated: 12 tools, 2 resources, 0 prompts
SEVERITY ID TARGET FINDING
HIGH MCP-010 read_file Arbitrary file read capability exposed
HIGH MCP-030 run_command Unconstrained command input
Grade: D
Payload stored: false
Uploads: noneCurrent focus
mcpscan is the active Orisan project.
Orisan is keeping the public story narrow: a local-first MCP server scanner first. Scout remains a secondary community artifact. Other ideas stay out of the current site focus.
Active alpha / v0.1.0-alpha.2
mcpscan
Local-first security scanner for MCP servers.
Current flagship. Review MCP servers locally before AI agents connect.
Secondary community artifact
Scout
Repo-local AI-agent approval artifact.
Kept as a community/portfolio artifact, not the current focus.
De-emphasized
Guard / Relay / Review
Portfolio/community ideas, not part of the current site focus.
Not part of the current public product story.
active release
v0.1.0-alpha.2
primary command
mcpscan scan
reports
terminal + JSON + Markdown
privacy
no uploads
The motive
MCP servers changed what an agent can reach.
Orisan is focused on the moment before trust. Developers are connecting agents to local and remote MCP servers, while reviewers still need clear evidence about exposed tools, resources, prompts, and metadata.
Before
MCP servers were often added to agent configs because they were useful, not because their exposed tools had been reviewed.
Now
AI agents can connect to MCP servers that read files, make network requests, execute commands, or expose sensitive metadata.
Gap
Reviewers need a local way to see what an MCP server exposes before trusting it.
mcpscan
mcpscan enumerates the server surface and emits deterministic findings a reviewer can inspect.
Report artifact
mcpscan turns MCP exposure into a reviewable report.
The report says what was enumerated, which deterministic checks fired, what evidence is safe to store, and why a server may need review before an AI agent connects.
MCP Server Review
Target
stdio MCP server
Release
v0.1.0-alpha.2
Scope
tools, resources, prompts, and metadata
Capability Summary
This MCP server exposes file and command capabilities that should be reviewed before an AI agent connects.
TOOLS
12 enumerated
RESOURCES
2 enumerated
PROMPTS
0 enumerated
Reviewer
Decision
Restrictions
Expires
Why different
Focused local scanner. Narrow by design.
Pre-connection
Run mcpscan before an AI agent connects to a new MCP server.
Capability-first
Findings describe exposed server behavior: files, network, commands, metadata, prompts, and transport.
Local evidence
Reports are generated locally with no cloud upload and payload_stored=false.
Narrow scope
The alpha focuses on stdio and tested Streamable HTTP MCP server review. MCP-002 baseline drift is deferred.
Capability model
Enumerate / check / report.
ENUMERATE
- tools/list
- resources/list
- prompts/list
- server metadata
CHECK
- prompt injection signals
- dangerous capabilities
- secret exposure
- transport issues
REPORT
- terminal summary
- JSON report
- Markdown report
- payload_stored=false
Scope and privacy
Local by design. Evidence-safe by default.
Preflight
Scan the MCP server before connecting the agent.
Current verified installation is from source in a local Python environment. No PyPI, Homebrew, pipx, or curl install path is claimed for mcpscan yet.
git clone https://github.com/Orisan-org/mcpscan
cd mcpscan
python3 -m venv .venv
source .venv/bin/activate
python -m pip install -e ".[dev]"
mcpscan scan --command '<your MCP server command>'