Lint your MCP server before
it lints your customers.
mcp-sentry is a zero-config CLI that scans TypeScript MCP servers for the OWASP MCP Top 10 — secrets, scope, prompt injection, supply-chain risk, auth gaps. One command. Letter grade. SARIF for your CI.
What it checks
-
MCP01criticalToken / Secret Exposure
Long-lived secrets, API keys, or tokens hardcoded in tool source or descriptions.
Read rule → -
MCP02highPrivilege Scope Creep
Tool input schemas accept overly broad data (z.any, unbounded strings, root paths) or filesystem APIs operate on unconstrained input.
Read rule → -
MCP03highTool Poisoning
Hidden instructions, ANSI escapes, zero-width characters, or shadow-named tools that hijack the model.
Read rule → -
MCP04highSupply Chain
Loose semver pins, missing lockfiles, audited vulnerabilities, or known-malicious packages.
Read rule → -
MCP05criticalTool Input Injection
Tool input parameters flow into child_process exec/spawn or filesystem paths without sanitisation.
Read rule → -
MCP06highIntent Subversion
Tools whose advertised intent (name/description) does not match their actual side effects, or whose description is missing / trivially short.
Read rule → -
MCP07highAuthentication / Transport
HTTP transports (StreamableHTTPServerTransport / express / fastify) exposed without bearer-token or auth middleware.
Read rule → -
MCP08mediumLogging & Error Handling
Tool invocations are not logged, errors leak internals to clients, or no global uncaughtException handler is installed.
Read rule →