Connect Clawsmith to your coding agent. Ship products like crazy.Unlimited usage during betaGet API Key →
← Back to ideas
clawsmith.com/idea/audit-public-mcp-servers-for-ssrf-auth-rce-before-adoption
IdeaCompetitiveCLISECURITYMCPLive

A CLI tool that scans any public MCP server for SSRF, missing auth, and stdio RCE flaws before a developer adds it to their agent config

Between January and April 2026, 40+ CVEs were filed against MCP servers. BlueRock Security scanned 7,000+ public MCP servers and found 36.7% have SSRF vulnerabilities and 41% require no authentication at all. OX Security disclosed a systemic RCE in the MCP SDK's stdio transport affecting 150M+ downloads, and Anthropic's own mcp-server-git shipped with three RCE-enabling flaws that were quietly patched. Every developer adding a third-party MCP server to their agent config is implicitly trusting code that, statistically, has a one-in-three chance of SSRF exposure and nearly even odds of requiring no auth at all. This tool lets a developer run a single command against any public MCP server's GitHub repo URL or running endpoint and get a line-level trust report covering SSRF patterns in tool parameter handling, auth posture on tool routes, prompt injection strings in tool descriptions, and unsanitized shell calls in stdio transport handlers, before the server ever touches their agent config.

Demand Breakdown

Reddit
163
HN
1

Social Proof 2 sources

RD
AI coding tools are leaking secrets via configuration directories
2026-02-01
163HN
Show HN: We scanned 306 MCP servers and 10% have critical vulnerabilities
@itaiwins · 2026-02-03
1

Gap Assessment

CompetitiveMultiple tools exist but differentiation opportunities remain

3 tools exist (mcp-scan (Invariant Labs), Pillar Security, Trend Micro AI Security) but gaps remain: Does not scan source code for SSRF or stdio RCE patterns, does not check auth posture on endpoints, runs post-install not pre-adoption, and has no CVE feed integration for known-bad servers; No MCP-server-specific static analysis, no pre-adoption CLI vetting workflow, targets enterprise deployments not individual developers adding community MCP servers.

Features2 agent-ready prompts

Static source scanner that ingests a GitHub repo URL and reports SSRF patterns in tool parameter handlers, unsanitized shell calls in stdio transport, and auth-gate gaps on tool routes
Live endpoint probe that connects to a running MCP server and tests auth posture, SSRF exposure, and prompt injection in tool descriptions at the protocol level

Competitive LandscapeFREE

ProductDoesMissing
mcp-scan (Invariant Labs)Open-source scanner that checks MCP server tool definitions for prompt injection and tool-poisoning patterns by reading the tool descriptions returned at runtimeDoes not scan source code for SSRF or stdio RCE patterns, does not check auth posture on endpoints, runs post-install not pre-adoption, and has no CVE feed integration for known-bad servers
Pillar SecurityEnterprise AI security platform covering LLM app scanning and agent threat detection at the network layerNo MCP-server-specific static analysis, no pre-adoption CLI vetting workflow, targets enterprise deployments not individual developers adding community MCP servers
Trend Micro AI SecurityResearch and enterprise threat intelligence covering AI agent attack surfaces; published findings on 492 zero-auth exposed MCP serversNo developer-facing CLI or scanning tool, research output only, no actionable pre-adoption gate for individual developers

Leads24BUILDER

@skilldeliver
@lbeurerkellner
@wat10000
@TeMPOraL
@rybosome
@kevincox
@freeone3000
@CMCDragonkai
24 people already want this

Sign in to unlock full access.

Aggregate Score
180
24 leads found
Details
TypeProduct Idea
Competitors3
Features2
Issues2
Leads24
Source Signals
All signals →
180MCP Security Crisis: 40+ CVEs, 36% SSRF Exposure, Prompt Injection at Scale
Related Ideas
All ideas →
0A CLI tool that scans MCP servers for SSRF vulnerabilities, prompt injection paths, and protocol spec violations before they are published to any registry0A CLI tool that scans a running OpenClaw instance for every known CVE, exposed endpoint, malicious skill, and token scope violation, then outputs a prioritized remediation checklist0A runtime behavioral sandbox that detects guidance injection attacks in OpenClaw skills by observing what agents actually do instead of scanning what skills say
Tags
CLISECURITYMCPDEVTOOLSTATIC-ANALYSISAGENT-SECURITY