freemcplab / 目錄 / 演練場 / Cisco MCP Scanner

● 官方 cisco-ai-defense ⚡ 即開即用

Cisco MCP Scanner

Name: Cisco MCP Scanner MCP Server
Author: cisco-ai-defense

作者 cisco-ai-defense · cisco-ai-defense/mcp-scanner

Run a battery of prompt-injection, tool-shadowing, and exfiltration tests against any MCP server before you trust it in production.

Cisco's scanner enumerates an MCP server's tools, descriptions, and prompts, then probes them with known attack templates: indirect injection in returned data, tool-name shadowing, suspicious schema fields, exfil-via-error, and more. You get a Markdown/JSON report you can attach to a PR.

▶ 觀看演示 📦 安裝 💡 使用場景

為什麼要用

核心特性

Probes tool descriptions for hidden instructions
Tests indirect prompt injection in returned content
Detects tool shadowing / spoofing risk
Heuristics for credential exfil via error messages
Markdown + JSON report formats
CI-friendly exit codes

即時演示

實際使用效果

就緒

安裝

選擇你的客戶端

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

開啟 Claude Desktop → Settings → Developer → Edit Config。儲存後重啟應用。

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

Cursor 使用與 Claude Desktop 相同的 mcpServers 格式。專案級設定優先於全域。

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

點擊 Cline 側欄中的 MCP Servers 圖示，然後選 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "cisco-mcp-scanner": {
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ],
      "_doc": "Run against any MCP server config; produces a security report."
    }
  }
}

格式與 Claude Desktop 相同。重啟 Windsurf 生效。

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "cisco-mcp-scanner",
      "command": "uvx",
      "args": [
        "mcp-scanner",
        "--server",
        "stdio:npx -y <target>"
      ]
    }
  ]
}

Continue 使用伺服器物件陣列，而非映射。

~/.config/zed/settings.json

{
  "context_servers": {
    "cisco-mcp-scanner": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-scanner",
          "--server",
          "stdio:npx -y <target>"
        ]
      }
    }
  }
}

加入 context_servers。Zed 儲存後熱重載。

claude mcp add cisco-mcp-scanner -- uvx mcp-scanner --server 'stdio:npx -y <target>'

一行命令搞定。用 claude mcp list 驗證，claude mcp remove 移除。

使用場景

實戰用法： Cisco MCP Scanner

Audit a third-party MCP before adopting it

👤 Developers ⏱ ~15 min intermediate

何時使用： A teammate wants to install a community MCP and you want a security signal first.

步驟

Install scanner

uvx mcp-scanner --help✓ 已複製

→ Scanner runs
Scan

mcp-scanner --server "stdio:npx -y the-mcp" --output report.md✓ 已複製

→ Report written
Review

Open report.md; triage findings by severity.✓ 已複製

→ Adoption decision documented

結果： Documented security review before merging the MCP into your config.

Gate MCP changes in CI

👤 Developers ⏱ ~15 min intermediate

何時使用： You ship an internal MCP and want a baseline check on every PR.

步驟

Add CI step

Run mcp-scanner against the built server; fail on HIGH findings.✓ 已複製

→ PR fails on regressions
Fix or accept

Each finding gets fixed or annotated with a risk acceptance.✓ 已複製

→ Clean baseline

結果： No new prompt-injection surface ships unreviewed.

組合

與其他 MCP 搭配，撬動十倍槓桿

cisco-mcp-scanner + github

Run on every PR via Actions; comment findings on the PR

Combine cisco-mcp-scanner with github: Run on every PR via Actions; comment findings on the PR✓ 已複製

cisco-mcp-scanner + sentry

Pipe scanner findings as Sentry alerts on main branch

Combine cisco-mcp-scanner with sentry: Pipe scanner findings as Sentry alerts on main branch✓ 已複製

工具

此 MCP 暴露的能力

工具	輸入參數	何時呼叫	成本
scanner CLI	(see docs)	Not exposed as MCP tools — this is a scanner, not a server	1 call

成本與限制

運行它的成本

API 配額: N/A
每次呼叫 Token 數: Local — uses the target MCP only
費用: Free OSS
提示: Run scans in a sandboxed network so probes can't exfil real data

安全

權限、密鑰、影響範圍

憑證儲存： No credentials by itself

資料出站： Whatever the target MCP egresses

切勿授予： point at a production MCP with real credentials — use a staging instance

故障排查

常見錯誤與修復

Scanner times out on a slow MCP

Increase --timeout; check the server actually starts under stdio

False positives on benign tools

Use --baseline to mark them; future runs ignore

替代方案