MCP-S · v1.0 · 2026 · 8 ENGINES · 81 RULES · <10s SCAN

Scan Every MCP Server in Seconds.

8 detection engines analyze your Model Context Protocol servers for secrets, prompt injection, supply chain risks, data exfiltration paths, schema rug pulls, and over-privileged tools — all in one scan.

Live Scan Result: gitmcp.io/docs
Security score: 62
2 servers · 5 tools · 5.9s
0 CRIT · 12 HIGH · 0 LOW
HIGH · ASH-008 · SSRF surface: url in fetch_generic_url
HIGH · ASH-007 · Cmd injection: query in search_docs
HIGH · ASH-005 · SQL injection surface: repo_name
HIGH · CPA-002 · Broadly capable tool: match_libs
HIGH · ASH-009 · Template injection: owner param
HIGH · ASH-008 · SSRF: search_generic_code query
8 engines · 5.9s · scan-20260224

81 Policy Rules
8 Detection Engines
<10s Per Scan
3 Interfaces

How It Works

Three ways to scan.
Same 8 engines every time.

1. Point at any MCP server
Paste a URL, drop in your claude_desktop_config.json, or upload a config file. Supports SSE and Streamable HTTP transports.

2. 8 engines fire in parallel
SDE, STA, SIM, PPV, COI, DFP, CPA, and ASH each analyze tool definitions, schemas, packages, and data flows simultaneously — no waiting.

3. ENABLES wires attack chains
The ENABLES engine links related findings into multi-step attack chains, showing how a malicious package enables credential theft, which in turn enables data exfiltration.

4. Score, remediate, repeat
Security score, severity breakdown, knowledge graph, and remediation steps — all persisted to scan history. Compare results over time.

terminal — praqtor-mcp CLI
# Install
$ pip install praqtor-mcp

# Scan a live MCP server by URL
$ praqtor-mcp scan-url \
  https://gitmcp.io/docs \
  --api-key pmcp-...

Security Score: 62 / 100
Findings: 12 total
Critical 0   Medium 0
High 12   Low 0

# Or scan a config file
$ praqtor-mcp scan config.json \
  --api-key pmcp-...

# SARIF output for GitHub Actions
$ praqtor-mcp scan-url https://... \
  --format sarif > results.sarif

✓ Results stored · dashboard ready

Detection Engines · 8 of 8 active

Code | Engine | What It Finds | Status
SDE | Secrets Scanner | API keys, tokens, passwords, and credentials hardcoded in MCP server configurations and environment variables. | LIVE
STA | Prompt Threat Detector | Hidden instructions, prompt injection, and jailbreak attempts embedded in tool descriptions and schema annotations. | LIVE
SIM | Schema Change Monitor | Rug pull attacks — tool definitions that silently mutate between scans to include malicious directives or expanded permissions. | LIVE
PPV | Package Risk Checker | Malicious npm and PyPI packages, typosquatting, unpinned dependency versions, and supply chain compromise indicators. | LIVE
COI | Cross-Server Threat Detector | Cross-origin influence attacks where one MCP server's tool manipulates, shadows, or overrides another server's behavior. | LIVE
DFP | Data Exfiltration Tracer | Data movement from sensitive sources to external sinks — mapping hidden exfiltration paths across tools and servers. | LIVE
CPA | Permission Overreach Scanner | Over-privileged tools requesting more capabilities than their stated purpose requires — scored per tool with alignment metrics. | LIVE
ASH | Input Attack Surface Analyzer | SQL injection, SSRF, command injection, path traversal, and template injection surfaces in tool parameter schemas. | LIVE

Screenshots Real data · No mocks
Dashboard
Security Score at a Glance
Live score, finding severity breakdown, active alerts, and detection coverage — all populated after every scan.
Findings
Every Threat, Fully Explained
Filter by severity and engine. Each finding links to its policy rule with remediation steps and OWASP mapping.
Knowledge Graph
Attack Chain Visualization
Interactive graph connecting servers, tools, and findings into multi-step attack chains with blast radius scoring.
Rule Catalog
81 Policy Rules, Fully Documented
Detection patterns, remediation steps, OWASP/CWE mappings, config examples, and per-rule enable/disable for every rule.
Get Started

Every MCP server is an attack surface.

PRAQTOR MCP-S gives you complete visibility into the tools your AI agents trust — before an attacker exploits them.