Awesome MCP Security
Security scores for 800+ MCP servers. 9 analyzers scan for prompt injection, toxic flows, and attack surface risks. Updated daily. ๐ก๏ธ
What is Awesome MCP Security?
Awesome MCP Security is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to security scores for 800+ mcp servers. 9 analyzers scan for prompt injection, toxic flows, and attack surface risks. updated daily. ๐ก๏ธ
Security scores for 800+ MCP servers. 9 analyzers scan for prompt injection, toxic flows, and attack surface risks. Updated daily. ๐ก๏ธ
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Security scores for 800+ MCP servers. 9 analyzers scan for p
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx awesome-mcp-securityConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Awesome MCP Security
Awesome MCP Security is a curated, continuously updated security resource that tracks and scores 800+ MCP servers across 9 security dimensions including prompt injection risk, toxic tool flows, and overall attack surface. Updated daily, it serves as a reference for developers and security teams who want to audit MCP servers before deployment, understand common attack vectors in the MCP ecosystem, and discover security-focused MCP tools such as Nuclei, Semgrep, VirusTotal, Shodan, and BloodHound integrations. It is both a directory of security tooling and an active scanner database that helps practitioners make informed decisions about which MCP servers to trust.
Prerequisites
- Node.js 18 or later and npx for running the MCP server component
- An MCP-compatible client such as Claude Desktop or Cursor
- Basic familiarity with MCP server security concepts (prompt injection, tool poisoning)
- Internet access for daily-updated scoring data
Review the security database online
Before installing, browse the live security scores at the Awesome MCP Security repository to understand the risk profiles of servers you are already using.
Add the MCP server to your client config
Add awesome-mcp-security to your claude_desktop_config.json to expose its security scoring and lookup tools to Claude.
{
"mcpServers": {
"awesome-mcp-security": {
"command": "npx",
"args": ["awesome-mcp-security"]
}
}
}Restart your MCP client
Restart Claude Desktop (or your MCP client) to load the new server. Once connected, you can query security scores, look up servers by risk category, and get recommendations.
Audit an MCP server before adding it
Use the server's tools to check the security score of any MCP server you are considering. Ask Claude to retrieve the score and risk report for a specific server slug or package name.
Integrate security-focused MCP servers from the directory
The resource lists production-ready security MCP servers (Nuclei, VirusTotal, Semgrep, Shodan, BloodHound). Use this as a reference to add targeted security tooling to your Claude environment.
Awesome MCP Security Examples
Client configuration
claude_desktop_config.json entry for the Awesome MCP Security server.
{
"mcpServers": {
"awesome-mcp-security": {
"command": "npx",
"args": ["awesome-mcp-security"]
}
}
}Prompts to try
Example prompts that leverage the security scoring and risk analysis capabilities of this server.
- "What is the security score for the filesystem MCP server and what are its main risks?"
- "List MCP servers with high prompt injection risk scores so I can avoid them."
- "Which MCP servers in the database have been flagged for toxic tool flows?"
- "Show me all security-focused MCP servers available for vulnerability scanning."
- "What are the top 5 safest MCP servers for production use based on the security database?"Troubleshooting Awesome MCP Security
Security scores seem outdated
The database is updated daily. If scores look stale, check the repository's last commit date. For the most current data, visit https://github.com/Puliczek/awesome-mcp-security directly.
Tools not appearing after adding to config
Ensure Node.js 18+ and npx are installed. Run 'npx awesome-mcp-security' in a terminal to test directly. If it fails with a package not found error, the package may be published under a different name โ check the repository for the correct npx invocation.
Unsure how to interpret the 9 security analyzer scores
Refer to the repository README for definitions of each analyzer category (prompt injection, toxic flows, attack surface, etc.). Focus on prompt injection and toxic flow scores as the highest-impact risks for typical deployments.
Frequently Asked Questions about Awesome MCP Security
What is Awesome MCP Security?
Awesome MCP Security is a Model Context Protocol (MCP) server that security scores for 800+ mcp servers. 9 analyzers scan for prompt injection, toxic flows, and attack surface risks. updated daily. ๐ก๏ธ It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Awesome MCP Security?
Follow the installation instructions on the Awesome MCP Security GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Awesome MCP Security?
Awesome MCP Security works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Awesome MCP Security free to use?
Yes, Awesome MCP Security is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.
Awesome MCP Security Alternatives โ Similar Security Servers
Looking for alternatives to Awesome MCP Security? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
โ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
โ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
โ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
โ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
โ 6.6k754 structured cybersecurity skills for AI agents ยท Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF ยท agentskills.io standard ยท Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
โ 5.1k๐ฅ๐ฅ hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Awesome MCP Security in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Awesome MCP Security?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.