Agent/MCP Audit Sprint

Free first-pass triage

MCP Server Security Scan

Check a public GitHub MCP server, agent tool repo, or private local folder for practical launch risks: remote transports, write actions, credential paths, auth boundaries, redaction, tests, and CI. The scan runs in the browser, does not install dependencies, and does not execute target code.

Open browser scanner Open MCP Security Radar Use shareable repo format View $1,000 audit service Open fixed quote
InputPublic GitHub URL or private local files
RuntimeBrowser-only, no dependency install
OutputMarkdown triage report and paid audit handoff
UpgradeUSD $1,000 human review for one repo or slice

Public repo scan

Paste a GitHub repo URL

Public repos can be scanned from a URL. The scanner fetches selected text files through GitHub and raw file endpoints, then builds a first-pass report you can attach to an audit request.

Shareable format: scan.html?repo=https://github.com/org/repo

Open the public GitHub URL scanner
View the public MCP Security Radar snapshot
Example scan link for a public MCP repo
Compare the scan with human sample reports

Private repo scan

Keep private code local

For private repos, use the local folder selector on the scanner page. Selected files are read by the browser page and are not uploaded by this static site.

No execThe scanner does not run target code.
No installIt does not install target dependencies.
LocalPrivate-file mode reads selected files in the browser.
HumanUse the paid sprint for evidence, tests, and fix planning.

From scan to paid audit

Turn a weak signal into a fix plan

The free scanner is a triage helper, not a certification. A paid sprint reviews one repo or product slice and returns a boundary map, ranked findings, reproduction evidence, tests to add, and launch notes.

Start an audit request with the scanner output attached.
Reserve an audit slot when the scope is already clear.
Open the fixed USD $1,000 quote after scope acceptance.
Review terms before any payment is sent.

What it looks for

Signals the scanner highlights

  1. MCP server setup, transports, bind addresses, hosted entrypoints, and agent-facing APIs.
  2. Write, destructive, privileged, external API, filesystem, browser, shell, database, and cloud tool paths.
  3. Credential loading, auth checks, secret redaction, logging, error handling, and tool output exposure.
  4. Tests, CI, schemas, and documentation that prove risky tools fail closed before launch.
Run the scan Use checklist Book human review