MCP Shark / Smart Scan
Alpha: This software is under active development and testing. Features may change.

Testing Phase Notice

Thank you for being an early tester and trying Smart Scan! We're currently in our testing phase, and to ensure a smooth experience for everyone, we've set a limit of 3 scans per day per account. We appreciate your patience and understanding as we continue to improve the service.

Smart Scan

AI-powered security analysis for Model Context Protocol (MCP) servers

What is Smart Scan?

Smart Scan is a comprehensive security analysis tool designed to evaluate the safety and trustworthiness of Model Context Protocol (MCP) servers. It uses advanced AI to analyze tools, resources, and prompts from MCP servers, identifying potential security risks and providing detailed recommendations.

Deep Analysis

Analyzes tools, resources, and prompts from MCP servers to detect security vulnerabilities, suspicious patterns, and potential risks. Combines rule-based checks with AI-powered analysis for comprehensive security assessment.

Risk Assessment

Provides comprehensive risk level assessments (None, Low, Medium, High, Critical) with detailed explanations and actionable recommendations. Results combine deterministic rule-based checks with AI-powered analysis for accurate risk evaluation.

Dashboard & History

View all your scan results in an intuitive dashboard with filtering, pagination, and detailed inspection capabilities.

API Access

Integrate Smart Scan into your workflow with our RESTful API. Generate API tokens and scan MCP servers programmatically with rate limiting and secure authentication. Flexible input format support for seamless integration.

How It Works

  1. Sign up or sign in to create your account
  2. Generate an API token from the tokens page
  3. Submit MCP server data (tools, resources, prompts) via the API
  4. Receive detailed security analysis with risk levels and recommendations
  5. View and manage all scan results in your dashboard

New: Enhanced validation accepts both camelCase and snake_case formats. Improved error handling and detailed analysis results with structured findings.

Developer Documentation

Comprehensive guides for using Smart Scan via CLI, REST API, or in CI/CD pipelines.

Developer Docs

Complete guides covering CLI usage, API reference, CI/CD integration, and authentication.


CLI Tool

Command-line interface for automation

CI/CD Integration

GitHub Actions, GitLab CI, CircleCI

Authentication

Token management and security

API Documentation

Interactive Swagger UI to explore and test REST API endpoints directly from your browser.

POST /api/scans: Create a new security scan

GET /api/scans: List all scans with filtering

GET /api/scans/{id}: Get scan details by ID

Frequently Asked Questions

Common questions about Smart Scan

What is Smart Scan?

Smart Scan is an AI-powered security analysis tool designed to evaluate the safety and trustworthiness of Model Context Protocol (MCP) servers. It analyzes tools, resources, and prompts from MCP servers to identify potential security risks and provide detailed recommendations.

How do I get started?

Sign up for an account, generate an API token from the Token Management tab, and use the API to submit MCP server data for analysis. You can test the API directly from the interactive Swagger UI documentation.

What is an API token and how do I use it?

An API token authenticates your API requests. Include it in the Authorization header as "Bearer sk_your_token_here". Save your token securely - it won't be shown again after creation!

What are the rate limits?

By default, each API token has a rate limit of 3 scans per day (configurable). If you exceed the limit, you'll receive a 429 HTTP status code. Rate limits reset daily.

What data do I need to provide for a scan?

Provide MCP server data: server information, tools (with schemas), resources (URIs), and prompts (with arguments). See the API documentation for the complete schema.

What risk levels are possible?

Five risk levels: None, Low, Medium, High, or Critical. Each scan includes detailed findings and recommendations.

Can I view my scan history?

Yes! All scans are stored and viewable in the Scan Results tab. Filter by risk level, status, and date range.

What if I lose my API token?

Create a new one from the Token Management tab. Note that creating a new token replaces your existing token.

Report an Issue

Found a bug or have a feature request? Report it on GitHub.

Smart Scan Issues

Report bugs, request features, or ask questions about Smart Scan.
