MCP configs are a silent security risk. I built mcp-scan to fix that.

Source: DEV Community
MCP (Model Context Protocol) is the new standard for connecting AI assistants to tools. Claude, Cursor, VS Code Copilot, and Windsurf all use it. Millions of developers now have MCP server configs sitting on their machines. Those configs are a mess from a security standpoint.

What goes wrong

Here is what I found looking at real MCP configs:

Leaked secrets. People hardcode GitHub tokens, OpenAI keys, and database credentials directly in the env block. The config file sits in a predictable path with no protection.

Typosquatted packages. The MCP ecosystem is new and the package names are long. @modelcontextprotocol/server-filesystem vs @modeicontextprotocol/server-filesystem - one character difference, easy to miss, potentially malicious.

Overly broad permissions. Filesystem servers configured with / as the allowed path instead of ~/projects. One prompt injection later and an AI assistant has read access to your entire machine.

Insecure transport. SSE-based MCP servers running over HTTP i
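
An added example, not part of the original post and not mcp-scan's own code: a minimal checker for the four problems listed above. It assumes the common `mcpServers` JSON layout with `command`, `args`, `env` and `url` keys; the trusted-scope list, similarity threshold and token patterns are illustrative assumptions.

```python
import json
import re
from difflib import SequenceMatcher

TRUSTED_SCOPES = {"@modelcontextprotocol"}   # assumption: scopes you have vetted
BROAD_PATHS = {"/", "~", "C:\\"}             # roots that expose far more than a project dir
SECRET_PATTERNS = {                          # well-known token shapes, not exhaustive
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "openai-key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "db-url-password": re.compile(r"\b\w+://[^/\s:@]+:[^/\s@]+@"),
}

def scan_config(text):
    """Return sorted (server, finding) pairs for one MCP config document."""
    findings = []
    for name, srv in json.loads(text).get("mcpServers", {}).items():
        for key, value in srv.get("env", {}).items():
            for label, pattern in SECRET_PATTERNS.items():
                if pattern.search(str(value)):
                    findings.append((name, f"hardcoded-secret:{label}:{key}"))
        for arg in map(str, srv.get("args", [])):
            scope = arg.split("/")[0] if arg.startswith("@") else None
            if scope and scope not in TRUSTED_SCOPES:
                for good in TRUSTED_SCOPES:  # near miss of a vetted scope
                    if SequenceMatcher(None, scope, good).ratio() >= 0.9:
                        findings.append((name, f"possible-typosquat:{scope}"))
            if arg in BROAD_PATHS:
                findings.append((name, f"broad-path:{arg}"))
        if str(srv.get("url", "")).lower().startswith("http://"):
            findings.append((name, "cleartext-transport"))
    return sorted(findings)

# Constructed sample config; the token value is a fake placeholder.
SAMPLE = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"],
               "env": {"GITHUB_TOKEN": "ghp_" + "A" * 36}},
    "files": {"command": "npx",
              "args": ["-y", "@modeicontextprotocol/server-filesystem", "/"]},
    "remote": {"url": "http://mcp.example.com/sse"},
    "ok": {"command": "npx",
           "args": ["-y", "@modelcontextprotocol/server-filesystem", "~/projects"],
           "env": {"LOG_LEVEL": "info"}},
}})

if __name__ == "__main__":
    for server, finding in scan_config(SAMPLE):
        print(f"{server}: {finding}")
```

Findings report the env key name rather than the matched value, so the scanner's own output does not copy the secret into logs or CI artifacts.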