DEV Community

Luca Moretti

I Built a Security Scanner for MCP Configs - Here's What It Found

Last week I wrote about how MCP configs leak your API keys. The response was clear: people know this is a problem, but nobody checks their configs.

So I built a tool that does it for you.

mcp-security-scanner — One Command, Full Audit

npx mcp-security-scanner

That's it. It scans your MCP configuration files and tells you exactly where you're leaking secrets.

It checks common config locations automatically:

  • Claude Desktop (~/.claude/claude_desktop_config.json)
  • Cursor (~/.cursor/mcp.json)
  • VS Code (~/.vscode/mcp.json)
  • Current directory (./mcp.json)

Or point it at a specific file:

npx mcp-security-scanner ./my-config.json

What It Catches

The scanner detects 13 types of secrets:

Pattern                                   Severity
GitHub tokens (ghp_, github_pat_)         CRITICAL
AWS access keys (AKIA...)                 CRITICAL
OpenAI keys (sk-...)                      CRITICAL
Anthropic keys (sk-ant-...)               CRITICAL
Stripe keys (sk_live_, sk_test_)          CRITICAL
Private keys                              CRITICAL
Slack tokens                              HIGH
Discord tokens                            HIGH
Bearer tokens                             HIGH
Generic secrets/passwords                 HIGH
Generic API keys                          MEDIUM

Plus it checks best practices:

  • Are you using environment variable references or hardcoded strings?
  • Are there secrets in command arguments (visible in ps aux)?
  • Are env block values actual secrets?

CI/CD Integration

The scanner returns exit code 1 for CRITICAL findings, so you can use it in CI:

# .github/workflows/security.yml
- name: Scan MCP Config
  run: npx mcp-security-scanner ./mcp.json

Block PRs that introduce hardcoded secrets into MCP configs. Simple.
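To make the checks above and the CI exit-code convention concrete, here is an added example of a minimal config audit written for this post. It is not the mcp-security-scanner source; the regexes, the mcpServers/args/env layout it walks, and the sample config with its fake placeholder tokens are all assumptions of the example.

```javascript
// Added example, not the mcp-security-scanner source: a minimal MCP config audit
// implementing the post's checks (secret patterns, ${VAR} references, args, env).
const PATTERNS = [
  { name: 'GitHub token',   re: /\bgh[pousr]_[A-Za-z0-9]{36}\b/,     severity: 'CRITICAL' },
  { name: 'AWS access key', re: /\bAKIA[0-9A-Z]{16}\b/,              severity: 'CRITICAL' },
  { name: 'Anthropic key',  re: /\bsk-ant-[A-Za-z0-9_-]{20,}/,       severity: 'CRITICAL' },
  { name: 'Stripe key',     re: /\bsk_(live|test)_[A-Za-z0-9]{16,}/, severity: 'CRITICAL' },
];
const ENV_REF = /^\$\{?[A-Z_][A-Z0-9_]*\}?$/;   // "${VAR}" or "$VAR": a reference, not a literal
const SECRETISH_KEY = /(token|secret|password|api[_-]?key)/i;

// Return pattern matches for one string value; env references are never flagged.
function classify(value, location) {
  if (typeof value !== 'string' || ENV_REF.test(value)) return [];
  return PATTERNS.filter(p => p.re.test(value))
    .map(p => ({ location, type: p.name, severity: p.severity }));
}

function scanConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    // Command arguments are visible to every local user in the process list.
    for (const arg of server.args || []) {
      for (const f of classify(arg, `${name}.args`)) {
        findings.push({ ...f, type: `${f.type} in command args` });
      }
    }
    for (const [key, val] of Object.entries(server.env || {})) {
      const loc = `${name}.env.${key}`;
      const hits = classify(val, loc);
      // Secret-looking key holding a hardcoded literal with no known pattern: generic finding.
      if (hits.length === 0 && typeof val === 'string' && !ENV_REF.test(val)
          && SECRETISH_KEY.test(key) && val.length >= 8) {
        hits.push({ location: loc, type: 'Generic secret (hardcoded)', severity: 'HIGH' });
      }
      findings.push(...hits);
    }
  }
  return findings;
}

// Exit code convention from the post: 1 when any CRITICAL finding exists, else 0.
const exitCodeFor = findings => (findings.some(f => f.severity === 'CRITICAL') ? 1 : 0);

// Constructed sample config; the token-like strings are fake placeholders.
const SAMPLE = { mcpServers: {
  github: { command: 'npx', args: ['-y', 'github-mcp'], env: { GITHUB_TOKEN: 'ghp_' + 'A'.repeat(36) } },
  aws:    { command: 'aws-mcp', args: ['--key', 'AKIA' + 'B'.repeat(16)], env: {} },
  safe:   { command: 'npx', args: ['slack-mcp'], env: { SLACK_TOKEN: '${SLACK_TOKEN}', DB_PASSWORD: 'hunter22pass' } },
} };
console.log(scanConfig(SAMPLE), 'exit code:', exitCodeFor(scanConfig(SAMPLE)));
```

Running it on the sample reports the hardcoded GitHub token, the AWS key passed on the command line, and the generic password, while the ${SLACK_TOKEN} reference passes.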

What To Do When It Finds Something

Quick fix: Replace hardcoded values with environment variable references:

{
  "env": {
    "GITHUB_TOKEN": "${GITHUB_TOKEN}"
  }
}

Better fix: Use Janee to proxy credentials. Janee sits between your MCP agent and the external API. The agent never sees the real credential — it just makes requests through Janee, which injects authentication at request time. Plus you get audit logging, rate limiting, and an instant kill switch.

Try It

npx mcp-security-scanner

Zero dependencies. Zero config. Takes about 2 seconds.

Found a secret pattern I should add? Open an issue.
