
Secure-Hulk
by appiumtestdistribution
Security scanner for MCP servers — detects prompt injection, tool poisoning, data exfiltration, and toxic agent flows in your MCP configurations.
What it does
Secure-Hulk scans your MCP server configurations for security vulnerabilities before they can be exploited. It connects to configured MCP servers, analyses tool descriptions and resource definitions, and flags risky patterns including prompt injection attempts, tool poisoning, cross-origin escalation, data exfiltration vectors, and multi-step toxic agent flows.
Sponsored by LambdaTest, it integrates optional AI-powered content moderation via OpenAI's Moderation API and Hugging Face safety models for deeper analysis beyond static pattern matching.
Tools
- scan — Scans one or more MCP configuration files; outputs findings as terminal output, JSON, or HTML report
- inspect — Inspects and summarises a configuration file's MCP servers and tools without running security checks
- whitelist — Manages a whitelist of approved entities to reduce false positives across scans
Installation
{
  "mcpServers": {
    "secure-hulk": {
      "command": "npx",
      "args": ["secure-hulk", "scan", "/path/to/claude_desktop_config.json"]
    }
  }
}
Or install globally and run as a CLI:
npm i -g secure-hulk
secure-hulk scan /path/to/config.json
secure-hulk scan --html report.html /path/to/config.json
Supported hosts
Runs as a standalone CLI and MCP server. Confirmed to work with Claude Desktop via stdio.
Quick install
npx secure-hulk scan /path/to/claude_desktop_config.json
Information
- Pricing: free
- Published: 4/6/2026
- Updated: 10 months ago
- Stars: 6