freemcplab / 디렉터리 / 플레이그라운드 / Cisco MCP Scanner

● 공식 cisco-ai-defense ⚡ 바로 사용

Cisco MCP Scanner

Name: Cisco MCP Scanner MCP Server
Author: cisco-ai-defense

제작: cisco-ai-defense · cisco-ai-defense/mcp-scanner

Run a battery of prompt-injection, tool-shadowing, and exfiltration tests against any MCP server before you trust it in production.

Cisco's scanner enumerates an MCP server's tools, descriptions, and prompts, then probes them with known attack templates: indirect injection in returned data, tool-name shadowing, suspicious schema fields, exfil-via-error, and more. You get a Markdown/JSON report you can attach to a PR.

▶ 데모 보기 📦 설치 💡 사용 사례

왜 쓰나요

핵심 기능

Probes tool descriptions for hidden instructions
Tests indirect prompt injection in returned content
Detects tool shadowing / spoofing risk
Heuristics for credential exfil via error messages
Markdown + JSON report formats
CI-friendly exit codes

라이브 데모

실제 사용 모습

준비됨

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "cisco-mcp-scanner",
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json

{
  "context_servers": {
    "cisco-mcp-scanner": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-scanner",
          "--server",
          "stdio:npx -y <target>"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add cisco-mcp-scanner -- uvx mcp-scanner --server 'stdio:npx -y <target>'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: Cisco MCP Scanner

Audit a third-party MCP before adopting it

👤 Developers ⏱ ~15 min intermediate

언제 쓸까: A teammate wants to install a community MCP and you want a security signal first.

흐름

Install scanner

uvx mcp-scanner --help✓ 복사됨

→ Scanner runs
Scan

mcp-scanner --server "stdio:npx -y the-mcp" --output report.md✓ 복사됨

→ Report written
Review

Open report.md; triage findings by severity.✓ 복사됨

→ Adoption decision documented

결과: Documented security review before merging the MCP into your config.

Gate MCP changes in CI

👤 Developers ⏱ ~15 min intermediate

언제 쓸까: You ship an internal MCP and want a baseline check on every PR.

흐름

Add CI step

Run mcp-scanner against the built server; fail on HIGH findings.✓ 복사됨

→ PR fails on regressions
Fix or accept

Each finding gets fixed or annotated with a risk acceptance.✓ 복사됨

→ Clean baseline

결과: No new prompt-injection surface ships unreviewed.

조합

다른 MCP와 조합해 10배 효율

cisco-mcp-scanner + github

Run on every PR via Actions; comment findings on the PR

Combine cisco-mcp-scanner with github: Run on every PR via Actions; comment findings on the PR✓ 복사됨

cisco-mcp-scanner + sentry

Pipe scanner findings as Sentry alerts on main branch

Combine cisco-mcp-scanner with sentry: Pipe scanner findings as Sentry alerts on main branch✓ 복사됨

도구

이 MCP가 노출하는 것

도구	입력	언제 호출	비용
scanner CLI	(see docs)	Not exposed as MCP tools — this is a scanner, not a server	1 call

비용 및 제한

운영 비용

API 쿼터: N/A
호출당 토큰: Local — uses the target MCP only
금액: Free OSS
팁: Run scans in a sandboxed network so probes can't exfil real data

보안

권한, 시크릿, 파급범위

자격 증명 저장: No credentials by itself

데이터 외부 송신: Whatever the target MCP egresses

절대 부여 금지: point at a production MCP with real credentials — use a staging instance

문제 해결

자주 발생하는 오류와 해결

Scanner times out on a slow MCP

Increase --timeout; check the server actually starts under stdio

False positives on benign tools

Use --baseline to mark them; future runs ignore

대안