Free Tool

Free MCP Security Scan

A read-only security evaluation for your MCP servers. Discover exposure, test authentication, and spot common misconfigurations.

No credit card required. Read-only evaluation—no destructive tests.

What the Scan Checks

Our scanner performs a read-only evaluation. It may exercise these checks:

Exposure & Authentication

Check if the MCP server allows catalog listing without credentials. Test bearer authentication where applicable.

Payload Limits

Test POST body size against gateway caps (~4MB default). Check JSON argument limits for large string inputs.

DLP Pattern Probes

Send synthetic probes to detect DLP behavior. Compare upstream vs Guardian-protected responses.

Shell-Class Tool Safety

Send safe echo-style probes to shell-class tools. Verify dangerous patterns are blocked.

Risk Heuristics

Identify risky tool names and hygiene issues. Check for missing descriptions or unusually large tool catalogs.
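
The risk heuristics described above, as an added example (not the scanner's own code): a Python audit of a JSON-RPC `tools/list` response that flags risky tool names, missing descriptions, missing input schemas, and oversized catalogs. The token list, the thresholds, and the sample response are assumptions constructed for illustration.

```python
import json
import re

# Assumed heuristics, not the scanner's actual rules: name tokens that suggest
# shell, eval or destructive capability, plus size and description thresholds.
RISKY_TOKENS = {"exec", "shell", "bash", "cmd", "eval", "run", "delete", "rm", "sudo"}
MAX_TOOLS = 50       # assumed ceiling for an "unusually large" catalog
MIN_DESC_LEN = 10    # assumed minimum useful description length

def name_tokens(name):
    """Split snake_case, kebab-case, dotted and camelCase names into lowercase tokens."""
    return {t.lower() for t in re.split(r"[_\-./\s]+|(?<=[a-z])(?=[A-Z])", name) if t}

def audit_catalog(response_text, max_tools=MAX_TOOLS):
    """Return a list of (tool_name, finding) for one tools/list JSON-RPC response."""
    msg = json.loads(response_text)
    if "error" in msg:  # the server refused the listing, so no catalog was exposed
        return [("<catalog>", "listing refused: " + json.dumps(msg["error"]))]
    tools = (msg.get("result") or {}).get("tools")
    if not isinstance(tools, list):
        return [("<catalog>", "malformed result: no tools array")]
    findings = []
    if len(tools) > max_tools:
        findings.append(("<catalog>", f"large catalog: {len(tools)} tools"))
    for tool in tools:
        name = tool.get("name") if isinstance(tool, dict) else None
        if not isinstance(name, str) or not name:
            findings.append(("<unnamed>", "tool entry without a name"))
            continue
        hits = sorted(name_tokens(name) & RISKY_TOKENS)
        if hits:
            findings.append((name, f"risky name ({', '.join(hits)})"))
        desc = tool.get("description")
        if not isinstance(desc, str) or len(desc.strip()) < MIN_DESC_LEN:
            findings.append((name, "missing or too-short description"))
        schema = tool.get("inputSchema")
        if not isinstance(schema, dict) or schema.get("type") != "object":
            findings.append((name, "missing or non-object inputSchema"))
    return findings

# Constructed sample response (not captured from a real server).
SAMPLE = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "get_weather", "description": "Return the current forecast for a city.",
     "inputSchema": {"type": "object", "properties": {"city": {"type": "string"}}}},
    {"name": "run_shell", "description": "", "inputSchema": {"type": "object"}},
    {"name": "execCommand", "inputSchema": {"type": "object"}},
    {"name": "search_docs", "description": "Full-text search over the docs index."},
]}})

if __name__ == "__main__":
    print(*audit_catalog(SAMPLE), sep="\n")
```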

What the scan does not replace

Full DLP rule families, credit budgets, abuse rate limits, destructive-shell heuristics, catalog allowlists, human-in-the-loop, and authoritative audit trails apply when traffic flows through MCP Trail Guardian—not when clients hit a raw, unproxied upstream URL.

This scanner performs read-only probes against the URL you provide. It may be rate limited to protect our infrastructure and yours; repeated or automated use may be throttled or blocked.

For production enforcement, route assistants to Guardian, register upstreams in the dashboard, and verify behavior there—including protection logs and policy outcomes.

Important Limitations

  • Best-effort scan — May not work with stream-only transports or servers requiring auth before listing tools.
  • Not a penetration test — Quick checks only, not a full red-team report or formal audit.
  • No destructive testing — We only send safe echo-style probes. No actual file operations or destructive commands.
  • IP logging — We log scan requests for security and abuse prevention. See our privacy policy for details.

How It Works

The scan connects to your MCP server and performs read-only checks

1. Enter Server URL

Provide your MCP server's JSON-RPC endpoint. Optionally add a bearer token if authentication is required.

2. Run Security Checks

Our scanner performs exposure, auth, DLP, and shell safety checks. All tests are read-only and safe.

3. View Results

Get a detailed report of findings with recommendations. Use insights to configure MCP Trail Guardian for full protection.

Want Full Protection?

The free scan identifies issues. MCP Trail Guardian provides policy enforcement, audit logging, DLP scanning, and human approval workflows.