MCP Scan
Scan MCP servers by registry name or repository URL. The mcp-scan command checks MCP server implementations for tool poisoning, privilege escalation, and data exfiltration vulnerabilities before you install them.
Usage
# Scan an MCP server by registry name
inkog mcp-scan github
# Scan with explicit repository URL
inkog mcp-scan github --repo https://github.com/org/mcp-server
# Deep scan an MCP server
inkog mcp-scan --deep --repo https://github.com/org/mcp-server
What It Checks For
| Category | Description |
|---|---|
| Tool poisoning | Malicious tool descriptions that manipulate LLM behavior |
| Privilege escalation | Tools that can access resources beyond their stated scope |
| Data exfiltration | Tools that leak sensitive data to external endpoints |
Options
| Option | Description |
|---|---|
| `--repo <url>` | Repository URL for the MCP server source code |
| `--deep` | Run advanced orchestrator-based analysis (requires Inkog Deep role) |
| `--output <format>` | Output format: text, json, html, sarif |
| `--policy <preset>` | Security policy preset: low-noise, balanced, comprehensive, governance, eu-ai-act |
Examples
Scan by Registry Name
# Scan a known MCP server
inkog mcp-scan github
# Scan with JSON output
inkog mcp-scan github --output json > mcp-results.json
Scan from Repository URL
# Provide the source repository explicitly
inkog mcp-scan github --repo https://github.com/org/mcp-server
# Scan any MCP server repo
inkog mcp-scan my-server --repo https://github.com/org/custom-mcp
Deep Scan
# Deep scan for comprehensive analysis
inkog mcp-scan --deep --repo https://github.com/org/mcp-server
# Deep scan with HTML report
inkog mcp-scan --deep --repo https://github.com/org/mcp-server --output html > mcp-report.html
Deep MCP scans produce an MCP Server Profile instead of the usual “Agent Profile” in HTML reports, with framework and architecture details specific to the MCP server.
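To block an install on scan results, the `sarif` output format can be checked in CI. The script below is an added example, not part of Inkog: it reads a SARIF 2.1.0 log and returns a non-zero status when any result is at or above a chosen level. It assumes the report was redirected to a file the same way the JSON example above does; the sample report and its rule IDs are constructed placeholders.

```python
import json
import sys
from pathlib import Path

# SARIF 2.1.0 result levels, least to most severe.
LEVELS = ["none", "note", "warning", "error"]

def blocking_findings(sarif_text, fail_on="error"):
    """Return (ruleId, level, message) for each result at or above fail_on."""
    report = json.loads(sarif_text)
    if not isinstance(report, dict) or not isinstance(report.get("runs"), list):
        # Fail closed: a report without runs is not proof of a clean scan.
        raise ValueError("not a SARIF log: missing 'runs' array")
    threshold = LEVELS.index(fail_on)
    hits = []
    for run in report["runs"]:
        for result in run.get("results") or []:
            # A result with no "level" is treated as "warning" here.
            level = result.get("level", "warning")
            # Unknown level strings rank above "error" so they always block.
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if rank >= threshold:
                text = (result.get("message") or {}).get("text", "")
                hits.append((result.get("ruleId", "<no ruleId>"), level, text))
    return hits

# Constructed sample; rule IDs and messages are placeholders, not scanner output.
SAMPLE = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "EXAMPLE-TOOL-POISONING", "level": "error",
             "message": {"text": "tool description contains hidden instructions"}},
            {"ruleId": "EXAMPLE-DATA-EXFILTRATION",
             "message": {"text": "tool sends file contents to an external endpoint"}},
            {"ruleId": "EXAMPLE-INFO", "level": "note",
             "message": {"text": "informational finding"}},
        ],
    }],
})

def main(argv):
    """Return exit status 1 if any blocking finding exists, else 0."""
    text = Path(argv[1]).read_text(encoding="utf-8") if len(argv) > 1 else SAMPLE
    hits = blocking_findings(text)
    for rule_id, level, message in hits:
        print(f"{level}: {rule_id}: {message}")
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the report path as the only argument; with no argument it evaluates the constructed sample.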