MCP servers expose tools with no information about what they actually do at runtime. mcpsafetywarden sits between your agent and any MCP server, profiling tool behavior, blocking destructive calls, and running active security audits before you trust them in a workflow.
Drift inferred · capture-to-capture
- HIGH code analysis flagged dynamic code execution ×2 in gautamvarmadatla/mcpsafetywarden
- HIGH code analysis flagged dynamic code execution ×3 in gautamvarmadatla/mcpsafetywarden
transport stdio · streamable-http · http · sse counts 25 tools · 0 res
· 0 prompts
permission surface via code analysis
tools
-
analyze_cve_blast_radius
Report CVEs affecting multiple servers under the same client
-
check_server_drift
Detect schema and tool-list drift against stored baseline
-
discover_servers
Scan filesystem for MCP client configs and extract server entries
-
explain_client_risk
Analyze cross-server risks for all servers under one agent client
-
explain_tool_risk
Walk risk paths for a tool: blast radius, composition risks, MITRE tags, recommended action
-
export_graph
Export risk graph as JSON or Mermaid diagram
-
get_retry_policy
Retry and timeout recommendations
-
get_risk_graph
Build or query the inventory risk graph (servers, tools, findings, agent clients)
-
get_run_history
Recent execution history for a tool
-
get_security_scan
Latest stored scan report
-
get_tool_profile
Full behavior profile with observed stats
-
inspect_server
Refresh tool list and profiles
-
list_server_tools
List tools on a server with summary profiles
-
list_servers
List all registered servers
-
onboard_discovered_servers
Register discovered servers in bulk
-
onboard_server
Register + inspect + security scan in one call
-
ping_server
Reachability check with latency
-
preflight_tool_call
Risk assessment without execution
-
register_server
Register a server; optionally auto-inspect
-
run_replay_test
Idempotency test (calls tool twice)
-
safe_tool_call
Execute with risk gating and alternatives
-
scan_all_servers
mcpsafety+ pipeline across all registered servers
-
security_scan_server
Live security audit (mcpsafety+, Cisco, Snyk)
-
set_tool_policy
Permanent allow/block policy for a tool
-
suggest_safer_alternative
LLM-ranked safer substitutes
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed analyzer v18 · 11h ago
danger signals3
- dynamic code executioneval()/exec()gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/args.py:566
eval(), exec(), __import__) embedded in args passed to a tool that does NOT accept shell - dynamic code execution__import__()gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/scanner.py:274
__import__(name) - suspicious endpoint169.254.169.254 (cloud metadata)gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/mcpsafety.py:87
ssrf http://169.254.169.254/latest/meta-data/, http://metadata.google.internal/
evidence-backed
findings quoted directly from the published source artifact — not inferred
last analysis: too-large · showing evidence from the last successful analysis (3d ago)
filesystem 7
- fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/core/database.py :9
from pathlib import Path - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/dashboard.py :6
from pathlib import Path - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/graph/explain.py :5
import shutil - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/graph/provenance.py :22
import shutil - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/proxy/discovery.py :11
from pathlib import Path - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/scanner.py :17
import shutil - fs gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/source.py :25
import shutil
shell / exec 4
- shell gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/graph/explain.py :6
import subprocess - shell gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/graph/provenance.py :25
import subprocess - shell gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/proxy/discovery.py :9
import subprocess - shell gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/scanner.py :789
import subprocess as _sp
network 7
- net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/core/security_utils.py :9
from urllib.parse import unquote - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/graph/provenance.py :23
import socket - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/proxy/client.py :14
import httpx - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/auxiliary.py :4
import urllib.parse as _urlparse - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/mcpsafety.py :1406
import httpx - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/source.py :29
from urllib.parse import urlparse - net gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :5
import urllib.error
secrets 4
- secrets gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/core/database.py :17
_key = os.environ.get("MCP_DB_ENCRYPTION_KEY") - secrets gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/mcpsafety.py :1199
key = api_key or os.environ.get("GEMINI_API_KEY") or os.environ.get("GOOGLE_API_KEY") - secrets gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/scanner.py :209
key = api_key or os.environ.get("GEMINI_API_KEY") or os.environ.get("GOOGLE_API_KEY") - secrets gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/source.py :356
gh_token = os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN")
database 1
- db gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/core/database.py :4
import sqlite3
tool registrations 25
- list_servers gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :244
- list_server_tools gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :268
- preflight_tool_call gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :314
- get_tool_profile gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :438
- get_retry_policy gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :460
- suggest_safer_alternative gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :526
- run_replay_test gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :691
- set_tool_policy gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :781
- get_run_history gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :824
- ping_server gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :843
- safe_tool_call gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_execution.py :975
- get_risk_graph gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_graph.py :11
- explain_tool_risk gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_graph.py :62
- export_graph gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_graph.py :95
- explain_client_risk gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_graph.py :127
- analyze_cve_blast_radius gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_graph.py :155
- register_server gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :311
- inspect_server gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :372
- check_server_drift gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :460
- onboard_server gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :518
- discover_servers gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :659
- onboard_discovered_servers gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_registration.py :732
- security_scan_server gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_scan.py :148
- get_security_scan gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_scan.py :366
- scan_all_servers gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/server/_scan.py :400
declared dependencies 7
- platformdirs@>=4.0.0
- mcp@>=1.23.0
- typer@>=0.12.0
- rich@>=13.0.0
- httpx@>=0.25.0
- uvicorn@>=0.30.0
- fastapi@>=0.111.0