MCP Prompt Injection Scanner
Detects prompt injection attacks in MCP tool inputs — OWASP LLM Top 10 coverage, real-time scanning, severity scoring for AI agent security
meok-mcp-injection-scan-mcp
Scan any MCP server for the prompt-injection / tool-poisoning / SSRF class disclosed in the April 2026 CVE wave.
pip install meok-mcp-injection-scan-mcp
Why this exists
April 2026 was a bad month for MCP. Anthropic published a "by-design" MCP RCE class affecting ~7,000 public servers (~150M downloads). mcp-server-git shipped a CVE chain. DockerDash got popped by an injection chain. Tool-description prompt injection ("tool poisoning") was demonstrated against every major MCP host.
If you run an MCP server in production, or you're auditing one before adoption, you need a fast scan that flags the patterns the April 2026 disclosures target. This MCP is that scan.
What it checks
30+ canonical rules across 5 severity tiers:
- CRITICAL — direct RCE, system-prompt override, credential exfil patterns, shell metachars in defaults, file:// / internal-network URLs (the DockerDash 169.254.169.254 metadata-pivot vector).
- HIGH — encoded payloads, imperative directives at the agent, supply-chain prompts, env-var references, tool shadowing.
- MEDIUM — urgency / authority language,
additionalProperties=true, unbounded strings, tool-name impersonation. - LOW — over-long descriptions, zero-width / bidi-override chars (the U+202E PoC vector).
Coverage maps to: OWASP LLM Top 10, GenAI Red Team v1, the April 2026 Anthropic MCP RCE disclosure, and the mcp-server-git CVE chain.
Tools exposed
| Tool | Purpose |
|---|---|
scan_mcp_url(url) | Fetch a remote MCP server's tool listing and scan it |
audit_tool_descriptions(tools_json) | Scan a pasted JSON tool list (auth-walled servers) |
signed_safety_report(subject, findings_json, score, note) | Issue a procurement-grade signed cert (Pro tier) |
list_rules() | Inspect the full rule catalogue before subscribing |
pricing() | Subscribe links + tier comparison |
Pricing
| Tier | Price | What you get |
|---|---|---|
| Free | £0 | 5 scans / day, no signed reports |
| Starter | £29/mo | Unlimited scans + signed reports |
| Pro | £79/mo | + scheduled rescans + 48h support |
| Enterprise | £1,499/mo | + custom rule packs + 4h SLA |
Every signed cert lives at https://meok-attestation-api.vercel.app/verify/<cert_id> — auditors and procurement teams confirm without an account.
What you do NOT get
This is a static-pattern scanner. It does not run dynamic taint analysis, fuzz the server with adversarial inputs, or replace a human red-team. It is the first 80% of the audit, in 5 seconds, for free.
Built by MEOK AI Labs
Solo founder. London. 234 MCP packages on PyPI. Live signing infrastructure at meok-attestation-api.vercel.app. Storefront councilof.ai. Get the catalogue: https://meok-attestation-api.vercel.app/catalogue.
Distribution channels
- PyPI:
pip install meok-mcp-injection-scan-mcp(this package) - Apify Store (Pay-Per-Event): https://apify.com/knowing_yucca/meok-mcp-injection-scan
- GitHub (source): https://github.com/CSOAI-ORG/MEOK-LABS/tree/main/mcps/meok-mcp-injection-scan-mcp
- Sponsor: https://github.com/sponsors/CSOAI-ORG · Pro £79/mo →
Máy chủ liên quan
Photopea MCP Server
Design posters, edit photos, and manipulate images directly from your terminal. Powered by Photopea -- a free, browser-based alternative to Photoshop -- connected to your AI agent via MCP.
Compeller
Create AI music videos and audio-reactive visuals from songs through MCP.
Time Server
An MCP server that exposes datetime information to agentic systems and chat REPLs.
Phone Carrier Detector
Detects Chinese mobile phone carriers, including China Mobile, China Unicom, China Telecom, and virtual carriers.
Lido MCP Server
Liquid staking data, stETH metrics, and validator info on Lido.
AI Incident Reporting MCP
Structured AI incident reporting for EU AI Act Article 62 — generates mandatory incident reports, severity classification, root cause analysis, and regulator-ready submissions for serious AI incidents.
Synthetix MCP Server
Synthetic asset data, staking info, and debt pool metrics on Synthetix.
Cyber Triage
Allows access to DFIR / forensics data that was collected from endpoints. Used for SOC and forensic investigations.
SafeDep
Real-time malicious package protection for AI coding agents
open.video MCP
AI-powered video platform management — upload videos, manage channels, track analytics, and organize playlists through any MCP-compatible AI client