Security agent for AI developers. Scan MCP servers, run CIS benchmarks, check packages, audit dependencies, verify repos. Works in Cursor, Claude Desktop, or any MCP client.
9 tools. Zero dependencies. One install.
| | Community (Free) | Pro |
|---|---|---|
| Tools | 9 (OWASP + supply chain) | 9 + CIS Benchmark + EU AI Act + DAST |
| OWASP Scan Rules | Basic OWASP MCP Top 10 | OWASP Top 10 2025 Active Rules (6) + Passive Rules (4) |
| Interface | CLI / MCP | CLI + REST API + Dashboard |
| Output | Terminal | SARIF, JSON, JUnit, PDF |
| CI/CD | - | GitHub Actions, GitLab CI, Jenkins |
| Compliance | - | CIS MCP Benchmark (22 controls), EU AI Act |
| DAST | - | Standalone MCP DAST scanner with deep injection testing |
| Teams | Single user | Multi-user, scoreboard |
| Support | GitHub issues | Priority, SLA |
Community Edition is free under BSL 1.1. Pro requires a commercial license.
Cybersecify Pro includes dedicated active and passive scan rules mapped to the OWASP Top 10 2025:
Active Rules (6 checks) -- send crafted payloads to test for real vulnerabilities:
- SSRF with cloud metadata vectors (AWS, GCP, Azure, Alibaba, ECS)
- Command injection (8 payload variants per tool)
- Path traversal with bypass techniques (URL-encoded, double-dot, backslash)
- Authentication bypass (empty tokens, invalid credentials, sensitive tool access)
- Privilege escalation via tool capability abuse
- Input validation (SQL, NoSQL, SSTI, XSS, XXE, LDAP, JSON injection)
Passive Rules (4 checks) -- analyse responses without sending attack payloads:
- Tool poisoning and prompt injection detection in definitions and schemas
- Information leakage analysis across error responses
- Security header audit (7 required headers, CORS, TLS)
- Tool definition integrity and rug pull detection
Contact: contact@agentsign.dev
Add to your MCP client config:
Cursor (`.cursor/mcp.json`):

```json
{
  "mcpServers": {
    "security": {
      "command": "npx",
      "args": ["@cybersecai/mcp-security-scanner"]
    }
  }
}
```

Claude Desktop (`claude_desktop_config.json`):

```json
{
  "mcpServers": {
    "security": {
      "command": "npx",
      "args": ["@cybersecai/mcp-security-scanner"]
    }
  }
}
```

Then ask your AI:
- "Scan the MCP server at dvmcp.co.uk for vulnerabilities"
- "Is it safe to pip install litellm?"
- "Check if langchain-ai/langchain repo is safe"
- "Audit my package.json for security issues"
| Tool | What it does |
|---|---|
| `scan_server` | Full OWASP MCP Top 10 scan of any MCP server. 10 checks including auth bypass, command injection, SSRF, rug pulls, tool poisoning, unsigned messages, replay attacks, path traversal, rate limiting. |
| `assess_risk` | Risk-rate an MCP server's exposed tools before connecting. Scores each tool as CRITICAL/HIGH/MEDIUM/LOW/SAFE. |
| `check_call` | Runtime GO/CAUTION/BLOCK decision before any MCP tool call. Checks arguments for injection, tool name for sensitivity, and package for CVEs. |
| `check_args` | Check if tool call arguments contain injection patterns (command injection, SQL injection, path traversal, SSRF, prompt injection). |
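To show the shape of the `check_call` / `check_args` decision described above, here is an added illustration (not the scanner's own code): a small GO/CAUTION/BLOCK gate that walks a tool call's arguments for injection patterns and weighs the tool's sensitivity. The tool list, patterns and severities are simplified assumptions, not the product's rule set.

```javascript
// Added illustration, not the scanner's own code: a minimal GO/CAUTION/BLOCK
// gate in the spirit of check_call and check_args. Tool list, patterns and
// severities are simplified assumptions, not the product's rule set.

// Tools whose invocation is inherently high-impact (assumed classification).
const SENSITIVE_TOOLS = new Map([
  ["run_command", "shell execution"],
  ["execute_sql", "database access"],
  ["write_file", "filesystem write"],
]);

// Argument-level detections: [finding name, pattern, severity].
const ARG_PATTERNS = [
  ["Command injection", /[;|`]|&&|\$\(/, "CRITICAL"],
  ["Path traversal", /\.\.[\/\\]|%2e%2e/i, "HIGH"],
  ["SSRF (cloud metadata)", /169\.254\.169\.254|metadata\.google\.internal/i, "HIGH"],
  ["SQL injection", /'\s*(or|and)\s+\S+\s*=\s*\S+|union\s+select|--\s*$/i, "HIGH"],
  ["Prompt injection", /ignore (all |any )?(previous|prior) instructions/i, "MEDIUM"],
];

// Walk every string argument (nested objects and arrays included).
function checkArgs(args) {
  const findings = [];
  const walk = (value) => {
    if (typeof value === "string") {
      for (const [name, re, severity] of ARG_PATTERNS) {
        if (re.test(value)) findings.push({ severity, message: `${name} detected` });
      }
    } else if (value && typeof value === "object") {
      Object.values(value).forEach(walk);
    }
  };
  walk(args);
  return findings;
}

// Runtime decision: hostile arguments block the call outright; a sensitive
// tool with clean arguments only warrants caution.
function checkCall(toolName, args) {
  const findings = checkArgs(args);
  const reason = SENSITIVE_TOOLS.get(toolName);
  if (reason) {
    const severity = findings.length > 0 ? "CRITICAL" : "MEDIUM";
    findings.push({ severity, message: `Tool '${toolName}' is a sensitive tool (${reason})` });
  }
  const block = findings.some((f) => f.severity === "CRITICAL" || f.severity === "HIGH");
  const verdict = block ? "BLOCK" : findings.length > 0 ? "CAUTION" : "GO";
  return { verdict, findings };
}
```

Calling `checkCall("run_command", { cmd: "; rm -rf /" })` returns a BLOCK verdict with two CRITICAL findings, matching the shape of the example output shown later in this README.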
| Tool | What it does |
|---|---|
| `safe_to_install` | Check any npm or PyPI package before installing. Returns SAFE/CAUTION/DANGER verdict with full vulnerability details. |
| `check_cves` | Check any package for known vulnerabilities. |
| `audit_dependencies` | Audit all dependencies in a package.json or requirements.txt file at once. |
| `check_repo` | Check if a GitHub repo is trustworthy. Analyses age, stars, activity, license, and security signals. Returns a trust score out of 100. |
| Tool | What it does |
|---|---|
| `check_agent` | Check if an AI agent, MCP server, or package has known threat entries. Queries the Agent Threat Database for real-world incidents including data exfiltration, credential theft, and supply chain attacks. |
"Is it safe to install litellm?"
Verdict: DANGER -- DO NOT INSTALL
This package contains confirmed MALICIOUS CODE.
17 vulnerabilities including credential harvesting malware.
"Scan dvmcp.co.uk for vulnerabilities"
Results: 0 passed, 10 failed (3 critical, 4 high)
[FAIL] Command Injection (CRITICAL)
[FAIL] SSRF (HIGH)
[FAIL] Authentication Bypass (HIGH)
...
"Should I call run_command with argument '; rm -rf /'"
BLOCK -- Do not execute this call.
- CRITICAL: Command injection detected
- CRITICAL: Tool 'run_command' is a sensitive tool (shell execution)
"Is langchain-ai/langchain repo safe?"
Trust Score: 80/100 (SAFE)
131,361 stars | 41 months old | MIT license | Recently active
Scan our deliberately vulnerable MCP server:
"Scan the MCP server at https://dvmcp.co.uk for security issues"
Or try the one-click scan at dvmcp.co.uk.
- OWASP MCP Security Cheat Sheet (Section 7)
- IETF draft-sharif-mcps-secure-mcp
- OWASP MCP Top 10
Raza Sharif, CyberSecAI Ltd
Business Source License 1.1 (BSL). Free for non-commercial use. Commercial use requires a license from CyberSecAI Ltd. See LICENSE for details.