开源MCP安全扫描器
我们尝试过的大多数MCP安全扫描器都存在噪音大、警报不断和误报频繁的问题。我们认为开发者应该得到更好的体验。我们正在寻找早期用户,希望他们能够尝试并帮助我们塑造一个真正有效的工具。
我们正在构建一个开源安全扫描器,以检测以下问题:
```
- 提示注入
- 间接提示注入
- 跨域升级
- 工具中毒
- 工具名称模糊性
- 命令注入
- 权限过度
- PIl检测
```
如果这听起来有趣,请留言。
查看原文
Most MCP security scanners we have tried are noisy, endless alerts and false positives. We think developers deserve better. We are looking for early adopters who want to try and help shape something that actually works.<p>We are building an open-source security scanner to catch below issues:<p><pre><code> - Prompt Injection
- Indirect Prompt Injection
- Cross-Origin Escalation
- Tool Poisoning
- Tool Name Ambiguity
- Command Injection
- Excessive Permission
- PIl Detection
</code></pre>
If this sounds interesting, drop a comment.