Stats
Actions
Tags
From mcp-sentinel
Scan all installed MCP servers for tool poisoning, unicode hiding, credential exfiltration directives, annotation lying, and rug pulls. Trigger when the user says "scan MCP servers", "audit MCP tools", "check for poisoned servers", "run mcp-sentinel", or any request to check MCP security. Also trigger at session start if no recent scan exists.
How this skill is triggered — by the user, by Claude, or both
Slash command
/mcp-sentinel:mcp-tool-scannerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Connects to every MCP server in the user's config, fetches tool/resource/prompt schemas, and runs three detection layers: static checks, rug-pull hash comparison, and semantic LLM judge.
Connects to every MCP server in the user's config, fetches tool/resource/prompt schemas, and runs three detection layers: static checks, rug-pull hash comparison, and semantic LLM judge.
~/.claude/mcp.json and any project-level .mcp.jsontools/list, resources/list, prompts/list~/.claude/mcp-sentinel/pins.json (rug-pull detection)~/.claude/mcp-sentinel/report-{timestamp}.mddescription — primary attack surfaceinputSchema.properties.*.description — secondary attack surface (most scanners miss this)outputSchema.properties.*.description — tertiaryannotations — check readOnlyHint/destructiveHint for lyingresources/list and prompts/list text fieldsannotations — parse both locations<IMPORTANT>, [SYSTEM], REQUIRED:, NOTE: → HIGH~/.ssh, .env, .aws, mcp.json, /etc/passwd → CRITICALPer finding: category, OWASP Agentic Top-10 ID, severity, verbatim excerpt, explanation (1 sentence), recommendation (1 sentence). Overall: server name, verdict, finding count by severity, hash drift flag.
<UNTRUSTED> tags in judge promptsProvides CDSS development patterns for drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), and alert classification integrated into EMR workflows.
npx claudepluginhub jakeefr/mcp-sentinel --plugin mcp-sentinel