Skill

mcp-scanner

Evaluates MCP servers from GitHub, npm, PyPI, or repo URLs for safety, functionality, legal compliance, and user fit before installation.

Github

Node

Python

security

npx claudepluginhub jbdamask/john-claude-skills --plugin john-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Evaluate MCP servers for safety, functionality, and legal compliance before installation.

Supporting Assets

references/authoritative-sources.mdreferences/license-guide.mdreferences/security-checklist.mdreferences/url-patterns.md

SKILL.md

Similar Skills

mcp-evaluator

Evaluates MCP servers from GitHub repos for security vulnerabilities, privacy risks, code quality, community feedback, and reliability with risk scoring and recommendations. Activate on safety queries or assessments.

2 files

jeredblu-tools

repo-forensics

Audits git repositories, AI skills, and MCP servers for security risks including dependencies, prompt injection, credential theft, runtime dynamism, manifest drift, CVEs, and exploited vulns.

20 files1 tool

repo-forensics

mcp-integration

Handles Claude Code MCP integration: installs/manages servers (HTTP/SSE/stdio), scopes, enterprise configs, OAuth auth, resources/@mentions, prompts, limits, security; delegates to docs-management.

2 files4 tools

claude-ecosystem

Stats

Stars23

Forks2

Last CommitJan 16, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

MCP Scanner

Evaluate MCP servers for safety, functionality, and legal compliance before installation.

Communication Style

Always default to plain language. The user may not be technical. Use everyday analogies to explain security concepts. Only provide technical details (OWASP codes, code snippets, severity levels) when the user explicitly asks for them.

Workflow

Step 1: Understand What the User Wants

Before scanning, ask:

"What are you hoping this MCP will do for you?"
"Do you have any specific concerns about it?"

This helps you assess whether the MCP actually meets their needs.

Step 2: Get the URL

Ask the user for the URL to the MCP. Accept:

GitHub repository URLs
npm package URLs
PyPI package URLs
Direct links to source files

Step 3: Fetch Source Code

Use WebFetch to retrieve key files. See url-patterns.md for URL conversion patterns.

Fetch in this order:

README.md - Understand what the MCP claims to do
LICENSE - Check legal terms
package.json or pyproject.toml - Dependencies and entry point
Main source file - The actual code (index.ts, server.py, etc.)
Tool definition files - Where tools are registered

Step 4: Analyze

A. Functionality Check

Does the MCP do what the user needs?
What tools/capabilities does it provide?
Are there limitations or missing features?
What setup is required?

B. Security Analysis

Review against security-checklist.md. Look for:

Critical: Hardcoded secrets, command injection, data exfiltration
High: Missing auth, overly permissive scopes, token issues
Medium: Missing logging, error handling
Low: Missing docs, tests
MCP-Specific: Tool annotations, transport security, spec compliance

C. Legal/License Check

Review against license-guide.md. Check:

Is there a license file?
What type of license?
Any commercial use restrictions?

D. Current Advisories (Optional)

For high-stakes decisions, check authoritative-sources.md for:

Known security advisories from AAIF/Linux Foundation
Current OWASP MCP Top 10 guidance
Whether the MCP is in any official registry

Step 5: Deliver Report

Always use the Plain Language Report first.

Report Template (Plain Language - Always Show This)

## MCP Assessment: [Name]

### The Bottom Line
[One sentence verdict: Safe to use / Proceed with caution / Don't install this]

### What This Tool Does
[2-3 sentences in plain English. What problem does it solve? How does it work?]

### Will It Work For You?
[Based on what they told you they want]
[Yes / No / Partially] - [Brief explanation]

### Should You Be Concerned?
[Plain language summary. Use analogies from the checklist.]
[If concerns exist, explain in everyday terms]
[If no concerns, say so clearly]

### My Recommendation
[Clear, actionable advice]

---
*Want the technical details? Just ask and I'll provide the full security analysis.*

Technical Report (Only When Requested)

If user asks for details, provide:

### Detailed Security Findings

| Severity | Finding | Location |
|----------|---------|----------|
| [CRITICAL/HIGH/MEDIUM/LOW] | [Description] | [File:line] |

### OWASP MCP Top 10 Check
- MCP01 Token Mismanagement: [Pass/Fail/N/A]
- MCP02 Privilege Escalation: [Pass/Fail/N/A]
- [Continue for all 10...]

### License Details
- License Type: [Name]
- Commercial Use: [Yes/No/Conditional]
- Modification Allowed: [Yes/No/Conditional]
- Distribution Requirements: [Description]

### Dependencies of Concern
[List any suspicious or outdated dependencies]

### Code Snippets
[Relevant code showing concerns]

Verdict Criteria

Safe to Use

No critical or high severity findings
Clear, permissive license (MIT, Apache, BSD)
Does what user needs
Active maintenance (recent commits, responses to issues)

Proceed with Caution

Has medium severity findings OR
Copyleft license (GPL, LGPL) OR
Partially meets user needs OR
Limited maintenance OR
Missing documentation

Don't Install This

Any critical severity finding OR
No license file OR
Evidence of malicious intent OR
Abandoned with known vulnerabilities OR
Does not do what user needs

Example Analogies

Use these to explain technical concepts:

Concept	Analogy
Hardcoded credentials	"Like writing your PIN on your debit card"
Command injection	"Letting someone send commands to your computer through a text field"
Data exfiltration	"This tool might be sending your information somewhere without asking"
Overly permissive access	"Like giving the plumber keys to your whole house when they only need the bathroom"
No license	"The author hasn't said you can use this - legally risky"
Missing audit logs	"No record of what this tool does - like a store with no security cameras"
Token passthrough	"Like a security guard who waves through anyone with a badge, real or fake"

What If I Can't Access the Code?

If the repository is private or returns 404:

Inform the user you cannot access the source code
Explain that without code review, you cannot verify safety
Suggest they contact the author or find an alternative with public source code

Staying Current

The MCP ecosystem evolves rapidly. This skill uses foundational security principles that don't change, but specific advisories and best practices do.

For high-stakes decisions, use WebFetch to check:

https://modelcontextprotocol.io/specification/draft/basic/security_best_practices - Latest official guidance
https://owasp.org/www-project-mcp-top-10/ - Current vulnerability categories

What stays stable (hardcoded in this skill):

Core security patterns (injection, exfiltration, auth gaps)
License compatibility principles
MCP Trust Principles (consent, control, privacy)
Tool annotation expectations

What changes (check authoritative sources):

Specific CVEs and advisories
New attack vectors
Ecosystem registries and certifications
Governance updates

See authoritative-sources.md for the full list of trusted sources.