MCP security

MCP security scanner checklist

Use this checklist to evaluate MCP scanner coverage before production rollout or customer security review. It focuses on tool poisoning, prompt injection, OAuth scopes, secrets, STDIO isolation, audit logs, and disable paths.

View scanner checklist Open MCP best practices Review gateway controls

BoundaryChecklist, not a live scanner

This page helps teams prepare scanner requirements and questionnaire evidence. It does not execute code, connect to MCP servers, or certify security.

Scanner approaches

Different teams mean different things when they ask for an MCP security scanner. Pick the control layer that matches the risk.

Approach	What it does	Best for
Checklist scanner	Best first step for teams answering customer questionnaires. It maps controls to evidence but does not inspect every server automatically.	Fast reviews, sales/security evidence, early MCP governance.
Static scan	Reviews configuration, manifests, tool descriptions, dependencies, scripts, and permission declarations before deployment.	CI/CD checks, registry intake, pre-production review.
Runtime monitoring	Observes tool calls, denied actions, identity context, token use, and unusual behavior after deployment.	Production controls, enterprise audit trail, incident response.
Gateway or proxy enforcement	Places policy, identity, approval, logging, scope reduction, and revocation controls between agents and MCP servers.	Enterprise rollout, multi-team MCP governance, customer evidence.

MCP scanner checklist

Use these checks as scanner requirements, manual review prompts, or customer-safe evidence headings.

Tool inventoryList every MCP server, tool, command, owner, data boundary, environment, and approval status.

Tool poisoningCheck tool descriptions, metadata, updates, registry sources, and hidden instruction paths for malicious or misleading behavior.

Prompt injectionReview untrusted content, retrieved documents, tool output, and instruction hierarchy before tool calls are allowed.

OAuth scopesMap integrations to minimum scopes, delegated identity, refresh-token custody, scope-change approval, and revocation owner.

STDIO and command executionConfirm local execution boundaries, shell access, file access, environment variables, and sandboxing or gateway isolation.

Secrets and data leakageCheck whether tokens, API keys, customer data, logs, files, or embeddings can leak through prompts, tool calls, or error output.

Audit loggingVerify logs for tool calls, denied actions, approvals, scope changes, admin changes, and incident review.

Disable pathDocument how to revoke tokens, disable a tool, quarantine a server, block a registry source, and notify customers if needed.

Questionnaire answer patterns

Translate scanner coverage into answers customers can understand and reviewers can verify.

Customer question	Reusable answer pattern
Do you scan MCP servers before production use?	Maintain an MCP inventory, review tool descriptions and permissions, run static checks where available, and require owner approval before production use.
How do you prevent over-permissioned tool access?	Map each server to minimum OAuth scopes, allowed actions, denied actions, approval rules, and token revocation procedures.
How do you detect tool poisoning or prompt injection?	Review tool descriptions, untrusted content handling, registry source, runtime approvals, denied-action logs, and abnormal tool call patterns.
What evidence can customers review?	Provide a customer-safe checklist, OAuth scope map, approval workflow, audit log sample, token revocation runbook, and gateway control summary.

Next steps

Connect MCP scanner findings to evidence, answer libraries, and readiness scoring.

Use the MCP best-practices checklist

Map scanner findings to production hardening categories and customer questionnaire answers.

Open

Review gateway controls

Use gateway/proxy controls when scanner findings require policy enforcement, logging, or revocation.

Open

Add evidence to the answer library

Store reusable MCP scanner and control answers with owners, review dates, and proof links.

Open

Score overall readiness

Check whether MCP evidence is ready before AI-assisted security questionnaire responses are reused.

Open

MCP security scanner FAQ

Short answers for teams deciding what scanner coverage belongs in customer security evidence.

What is an MCP security scanner?

An MCP security scanner is a tool or checklist used to review MCP servers, tools, permissions, OAuth scopes, prompt injection exposure, tool poisoning risks, secrets, audit logs, and disable paths.

Can a checklist replace an automated MCP scanner?

No. A checklist helps teams identify evidence gaps and customer-review answers. Automated static or runtime scanners can add deeper inspection when available.

What should an MCP scanner check first?

Start with inventory, tool descriptions, tool poisoning, prompt injection, OAuth scopes, secrets, STDIO isolation, audit logging, and token revocation.

How does MCP scanning connect to customer security questionnaires?

Customers increasingly ask how AI tools, MCP servers, OAuth scopes, and agent actions are governed. Scanner output becomes evidence for reusable questionnaire answers.

Need a shortlist for your workflow?

Send the formats you receive, your current answer-library setup, and whether you need portal support. We will use those signals to prioritize the next comparison updates.

Request a shortlist