—
Security Score
—
Critical
—
High
—
Medium
—
Servers
—
Tools
⊘
No scan data
Go to New Scan and select an Example or paste your own MCP configuration. Results will populate all pages.
⚡ REST API
API
Loading...
❯ CLI Tool
CLI
Loading...
Detection Coverage
01 — Semantic Threat Analysis (STA) READY
02 — Cross-Origin Influence (COI) READY
03 — Schema Integrity (SIM) READY
04 — Data Flow Path (DFP) READY
05 — Attack Surface Hardening (ASH) READY
06 — MCP Secret Exposure (SDE) READY
07 — Package Provenance (PPV) READY
08 — Permission Alignment (CPA) READY
09 — Auth Posture (ATP) PLANNED
MCP Configuration Input
Or: Enter server URL · Upload config file | Examples: Secrets · Poisoning · Overperm
Detection Modules
Scan Options
☰
No scan results yet
Go to New Scan and select an example or paste your own config to see engine results here.
—
Total Servers
—
Assessable
—
Needs Auth
—
Stdio Only
Official MCP Registry
Pulls the Official MCP Registry (registry.modelcontextprotocol.io) and identifies servers available for security assessment. Assessable servers have public endpoints with no authentication required.
⊕
Registry not loaded
Click Pull Registry to discover MCP servers from the Official Registry and identify which ones are available for assessment.
⚑
No findings yet
Run a scan to see security findings with severity, confidence scores, and remediation guidance.
⬡
No servers scanned
Run a scan to see your MCP server inventory with per-server findings.
⇶
No data flows mapped
Run a scan to see source → transform → sink classification and exfiltration paths.
⊡
No integrity baseline
Run a scan to establish a schema baseline and detect rug pulls — tool definitions that change to include malicious directives.
⬮
No cross-origin data
Run a scan to detect cross-server shadowing — where one server's tool manipulates another server's behavior.
⚿
No secrets scanned
Run a scan to detect exposed credentials, API keys, tokens, and PII in MCP server configurations.
⊞
No packages verified
Run a scan to verify MCP server packages against npm/PyPI — checking for malicious packages, typosquatting, and version pinning.
⛨
No permissions analyzed
Run a scan to score each tool's requested capabilities against its stated purpose and flag over-privileged tools.
⚷
Auth Posture Analysis
Auth Posture analysis requires authenticated access to the MCP server being assessed. Our current scanning methodology is passive — we only call tools/list to read the publicly advertised schema. We do not authenticate, invoke tools, or access protected resources.
To properly assess auth posture — OAuth scope validation, token delegation chains, credential rotation, and JIT access patterns — we would need the server operator to grant assessment credentials. This is planned for the Authenticated Assessment tier, where server operators opt in and provide access for deeper analysis.
Planned capabilities when authenticated access is available:
ATP-01
Token audience & scope validation
ATP-02
Credential delegation chain analysis
ATP-03
Cross-tenant isolation verification
ATP-04
Token rotation & JIT access scoring
◎
No server data
Run a scan to see the MCP server topology — tools, findings, and severity mapped visually.
Loading engine catalog...
REST API v1
Programmatic access to PRAQTOR MCP-S security scanning
● Connected
v1.0.0
Quick Start
Run a security scan by sending your MCP config JSON to the API:
curl -X POST \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
https://praqtormcp.fly.dev/api/v1/scan \
-d @config.json
Authentication
All v1 endpoints require an X-API-Key header. API keys are set via the PRAQTOR_API_KEYS environment variable on the server. Multiple keys can be comma-separated for team access.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/scan | Run security scan on MCP config |
| GET | /api/v1/results/{id} | Retrieve scan results (use "latest" for most recent) |
| GET | /api/v1/results/{id}/findings | Get findings with filters: severity, engine, server |
| GET | /api/v1/engines | List all 8 detection engines |
| GET | /api/v1/health | Health check with engine status |
Response Format
Every scan returns a structured JSON response with security score, findings, and attack chains:
{
"scan_id": "scan-20260221-161432",
"security_score": 65,
"summary": {
"total_findings": 5,
"by_severity": { "critical": 1, "high": 2, "medium": 1, "low": 1 },
"total_attack_chains": 0
},
"findings": [ ... ],
"attack_chains": [ ... ]
}
Scan History
Loading scan history...
CLI Tool
Scan MCP configurations from your terminal or CI/CD pipeline
Install
pip install praqtor-mcp
Quick Start
Scan a local MCP config file against the PRAQTOR API:
praqtor-mcp scan config.json \
--api-url https://praqtormcp.fly.dev \
--api-key YOUR_API_KEY
Or set environment variables to avoid passing flags every time:
export PRAQTOR_API_URL=https://praqtormcp.fly.dev
export PRAQTOR_API_KEY=YOUR_API_KEY
praqtor-mcp scan config.json
Output Formats
| Flag | Format | Use Case |
|---|---|---|
| --format text | Human-readable (default) | Interactive terminal use |
| --format json | Machine-readable JSON | Piping to jq, scripts, dashboards |
| --format sarif | SARIF v2.1.0 | GitHub Advanced Security integration |
Exit Codes
0 — Passed (no critical or high findings)
1 — Warning (high severity findings detected)
2 — Failed (critical findings detected)
1 — Warning (high severity findings detected)
2 — Failed (critical findings detected)
Use exit codes to gate deployments — a non-zero exit fails the CI/CD pipeline automatically.
CI/CD Integration — GitHub Actions
name: MCP Security Scan
on: [push, pull_request]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install PRAQTOR MCP-S
run: pip install praqtor-mcp
- name: Run Security Scan
run: |
praqtor-mcp scan mcp-config.json \
--api-url ${{ secrets.PRAQTOR_URL }} \
--api-key ${{ secrets.PRAQTOR_KEY }} \
--format sarif > results.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
Scan History
Loading scan history...