agentseal-mcp-intel
Enables users to scan MCP servers for security threats, check installed servers, and analyze config files for risks, all from AI assistants like Claude, Cursor, or Windsurf.
README
agentseal-mcp-intel
Security scanner for MCP servers. Check any MCP server for supply-chain threats before you install it -- directly from Claude, Cursor, or Windsurf.
<p align="center"> <a href="https://agentseal.org/mcp"> <img src="https://agentseal.org/icon-512.png" height="80" alt="AgentSeal" /> </a> </p>
<h3 align="center">Security scanner for MCP servers</h3>
<p align="center"> <a href="https://www.npmjs.com/package/agentseal-mcp-intel"><img src="https://img.shields.io/npm/v/agentseal-mcp-intel?color=blue" alt="npm" /></a> <a href="https://github.com/AgentSeal/agentseal-mcp-intel/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-FSL--1.1-blue" alt="License" /></a> <a href="https://x.com/agentseal_org"><img src="https://img.shields.io/twitter/follow/agentseal_org" alt="Follow on X" /></a> </p>
<p align="center"> <a href="https://agentseal.org/mcp">MCP Registry</a> · <a href="https://agentseal.org/pricing">Pricing</a> · <a href="https://agentseal.org">Website</a> </p>
The problem
MCP servers can read your files, run commands, and call APIs on your behalf. Before you install one, you should know:
- Does it exfiltrate data to external servers?
- Does it contain prompt injection or jailbreak payloads?
- Does it request excessive permissions?
- Has it been independently tested?
Most people install MCP servers blindly. This tool changes that.
What it does
agentseal-mcp-intel connects your AI assistant to the AgentSeal security registry -- 3,400+ MCP servers each tested with 265+ adversarial security probes. Your assistant can look up any server, scan your environment, and flag risks before you install anything.
Quick start
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"agentseal": {
"command": "npx",
"args": ["-y", "agentseal-mcp-intel"]
}
}
}
Cursor
Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):
{
"mcpServers": {
"agentseal": {
"command": "npx",
"args": ["-y", "agentseal-mcp-intel"]
}
}
}
Windsurf
Add to ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"agentseal": {
"command": "npx",
"args": ["-y", "agentseal-mcp-intel"]
}
}
}
Restart your AI tool. That's it.
Tools
| Tool | What it does | Network |
|---|---|---|
search_registry |
Find safe MCP servers by use case | API call |
check_server |
Check a specific server's security score before installing | API call |
check_environment |
Scan all servers installed in your AI tools | API call (names only) |
check_file |
Analyze an AI config file for hidden threats | 100% local |
submit_server |
Submit an unknown server for scanning | API call |
search_registry
Find MCP servers by what you need. Results include trust scores so you can pick a safe option.
"Find me a PostgreSQL MCP server"
"Search for web scraping MCP servers with a score above 70"
| Parameter | Type | Required | Description |
|---|---|---|---|
query |
string | Yes | What you need, e.g. "PostgreSQL", "web scraping", "send email" |
category |
string | No | Filter by category |
safe_only |
boolean | No | Only return servers scoring 70+ |
limit |
number | No | Max results (default: 10, max: 20) |
check_server
Check the security of a specific MCP server before installing it. Accepts package names, slugs, or GitHub URLs.
"Is @modelcontextprotocol/server-github safe?"
"Check the security of https://github.com/crystaldba/postgres-mcp"
"Check mcp-server-postgres before I install it"
Returns:
- Trust score (0-100) with risk level
- Score breakdown across 5 dimensions (description safety, schema safety, capability risk, auth & permissions, stability)
- Security findings with severity ratings
- Install links and metadata
| Risk level | Score | Meaning |
|---|---|---|
| EXCELLENT | 85-100 | No significant issues found |
| HIGH | 70-84 | Minor issues, generally safe |
| MEDIUM | 50-69 | Review findings before installing |
| LOW | 30-49 | Significant concerns, use with caution |
| CRITICAL | 0-29 | Do not install |
check_environment
Scan all MCP servers currently installed in Claude Desktop, Cursor, and Windsurf. Checks each one against the registry and groups results by risk level.
"Scan my installed MCP servers for security issues"
"Check my Cursor MCP setup"
| Parameter | Type | Required | Description |
|---|---|---|---|
scope |
string | No | Which tool to scan: all (default), claude, cursor, windsurf |
dry_run |
boolean | No | Preview what would be scanned without making API calls |
Privacy: Only server names are sent to the API. Config file paths, environment variables, API keys, and credentials never leave your machine.
check_file
Analyze an AI config file for hidden security threats. Runs entirely locally -- zero data is sent anywhere.
"Check my .cursorrules file for threats"
"Scan CLAUDE.md for prompt injection"
Detects:
- Prompt injection and jailbreak patterns
- Invisible Unicode characters (zero-width joiners, Unicode tags, BiDi overrides)
- Data exfiltration instructions (URL variable interpolation, fetch + secrets)
- Base64-encoded payloads
- Unsafe auto-approve permissions
| Supported files |
|---|
.cursorrules / .cursor/rules |
CLAUDE.md / .claude/ |
.github/copilot-instructions.md |
.windsurfrules |
.mcp.json / claude_desktop_config.json |
check_fileonly accepts known AI config file patterns. Requests for arbitrary files (e.g./etc/passwd,~/.ssh/id_rsa) are rejected.
submit_server
Submit an MCP server that's not in the registry for security scanning. AgentSeal fetches it, runs 265+ probes, and publishes results.
"Submit mcp-server-postgres for scanning"
"Scan https://github.com/org/repo and add it to the registry"
| Parameter | Type | Required | Description |
|---|---|---|---|
name |
string | Yes | Package name or GitHub URL |
package_type |
string | Yes | npm, pypi, remote, or docker |
confirmed |
boolean | Yes | Must be true to submit. Use false to preview. |
Requires explicit confirmation. Your AI assistant cannot submit servers without you approving it first.
Example session
You: Check if the GitHub MCP server is safe to install.
Claude: [calls check_server("@modelcontextprotocol/server-github")]
[AgentSeal] server-github ~ HIGH -- 82/100
████████████████░░░░ 82/100
TypeScript . MIT . 18 tools . by modelcontextprotocol
SCORE BREAKDOWN
Desc Safety ▪▪▪▪▪▪▪▪▪▪ 95
Schema Safety ▪▪▪▪▪▪▪▪·· 80
Capability ▪▪▪▪▪▪▪··· 72
Auth & Perms ▪▪▪▪▪▪▪▪·· 78
Stability ▪▪▪▪▪▪▪▪▪▪ 100
FINDINGS
0 critical . 1 high . 1 medium
You: Scan all my installed MCP servers.
Claude: [calls check_environment()]
ENVIRONMENT SCAN -- 4 servers across 2 config files
SAFE
server-github 82/100 HIGH
server-filesystem 78/100 HIGH
REVIEW
mcp-server-browserbase 54/100 MEDIUM (1 finding)
UNKNOWN
some-custom-mcp NOT IN REGISTRY
ACTION REQUIRED
Run check_server("some-custom-mcp") or submit it for scanning.
Privacy and data handling
| Action | What is read locally | What is sent to agentseal.org | What stays on your machine |
|---|---|---|---|
search_registry |
Nothing | Search query | -- |
check_server |
Nothing | Server name/slug | -- |
check_environment |
AI tool config files | Server names only | File paths, env vars, API keys, all config values |
check_file |
The specified config file | Nothing | Full file contents |
submit_server |
Nothing | Package name + type | -- |
- No telemetry. No usage tracking, no analytics, no background network calls.
- Credentials never leave your machine. Config parsing extracts only server names.
check_fileis 100% local. File contents are never transmitted.- External content is isolated. API responses are wrapped in
<agentseal:external>delimiters so your AI assistant treats them as data, not instructions. - Source code is fully auditable. You're looking at it.
Configuration
| Environment variable | Default | Description |
|---|---|---|
AGENTSEAL_API_KEY |
-- | Pro API key for unlimited access and full findings detail |
AGENTSEAL_API_URL |
https://agentseal.org |
Override API base URL |
AGENTSEAL_DEBUG |
0 |
Set to 1 for debug logs on stderr |
MCP_CONFIG_PATH |
-- | Extra config file path for check_environment (useful in CI) |
Free vs Pro
| Free | Pro | |
|---|---|---|
| Requests | 50/day | Unlimited |
| Trust scores | Yes | Yes |
| Finding counts | Yes | Yes |
| Finding details (evidence, remediation) | -- | Yes |
| Priority scanning | -- | Yes |
Get a Pro key at agentseal.org/pricing.
Requirements
- Node.js 18 or later
- An MCP-compatible host: Claude Desktop, Cursor, Windsurf, or any MCP client
Development
git clone https://github.com/agentseal/agentseal-mcp-intel.git
cd agentseal-mcp-intel
npm install
npm run build
npm test # 133 tests
npm run typecheck # strict TypeScript
How it works
Your AI assistant agentseal-mcp-intel AgentSeal API
| | |
|-- "check postgres-mcp" --------->| |
| |-- GET /api/v1/mcp/intel/... ->|
| |<-- trust score + findings ----|
|<-- formatted security report ----| |
| | |
|-- "scan my .cursorrules" ------->| |
| |-- [local analysis only] |
|<-- findings (no network call) ---| |
The MCP server is a thin, auditable client. All scoring intelligence lives in the AgentSeal API. Local analysis (check_file) runs entirely on your machine with zero network calls.
Security
If you find a security vulnerability, please email hello@agentseal.org instead of opening a public issue.
License
FSL-1.1-Apache-2.0 -- Functional Source License 1.1.
You may use and modify this software, but you cannot offer it as a competing commercial service. After 4 years, the license converts to Apache 2.0. The AgentSeal registry, probe suite, and scoring engine are proprietary. See fsl.software for details.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.