{"id":50529290,"url":"https://github.com/bogdanticu88/mcp-map","last_synced_at":"2026-06-03T11:30:37.968Z","repository":{"id":358130559,"uuid":"1240150363","full_name":"bogdanticu88/mcp-map","owner":"bogdanticu88","description":"Static attack surface analyzer for MCP servers and LLM tool definitions","archived":false,"fork":false,"pushed_at":"2026-05-15T21:21:27.000Z","size":1105,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-15T23:37:46.530Z","etag":null,"topics":["cli","devsecops","llm","mcp","mitre-atlas","model-context-protocol","owasp","python","security","static-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bogdanticu88.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-15T20:25:31.000Z","updated_at":"2026-05-15T21:21:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bogdanticu88/mcp-map","commit_stats":null,"previous_names":["bogdanticu88/mcp-map"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/bogdanticu88/mcp-map","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanticu88%2Fmcp-map","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanticu88%2Fmcp-map/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanticu88%2Fmcp-map/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanticu88%2Fmcp-map/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bogdanticu88","download_url":"https://codeload.github.com/bogdanticu88/mcp-map/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanticu88%2Fmcp-map/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33863265,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-03T02:00:06.370Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","devsecops","llm","mcp","mitre-atlas","model-context-protocol","owasp","python","security","static-analysis"],"created_at":"2026-06-03T11:30:36.071Z","updated_at":"2026-06-03T11:30:37.933Z","avatar_url":"https://github.com/bogdanticu88.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/logo.png\" alt=\"mcpmap\" width=\"180\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003emcpmap\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Static attack surface analyzer for MCP servers and LLM tool definitions.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://pypi.org/project/mcpmap/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/v/mcpmap?color=5b67f5\u0026label=pypi\" alt=\"PyPI version\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/mcpmap/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/pyversions/mcpmap?color=5b67f5\" alt=\"Python versions\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/bogdanticu88/mcp-map/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/bogdanticu88/mcp-map/ci.yml?branch=main\u0026label=CI\" alt=\"CI\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/mcpmap/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/dm/mcpmap?color=5b67f5\u0026label=installs\" alt=\"PyPI downloads\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/bogdanticu88/mcp-map/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/bogdanticu88/mcp-map?color=5b67f5\" alt=\"License\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## Why this matters\n\nMCP servers run with the same OS permissions as the user who launched them. When you add a server to your Claude Desktop config, you are granting it the ability to read files, execute commands, call APIs, and send emails — silently, on every session start.\n\nMost people install MCP servers the same way they install browser extensions: quickly, without reviewing what they do. The difference is that an MCP server operates inside your AI agent's context, meaning a single malicious or misconfigured server can:\n\n- **execute shell commands** on your machine via prompt injection\n- **read SSH keys, tokens, and credentials** from broad filesystem paths\n- **exfiltrate data** through email or HTTP tools triggered by a poisoned prompt\n- **persist across sessions** because the config is loaded automatically\n\nmcpmap scans your configuration before any of that can happen. It takes under a second, requires no network access, and maps every finding to [OWASP LLM Top 10](https://genai.owasp.org/) and [MITRE ATLAS](https://atlas.mitre.org/) so you know exactly what class of attack each issue enables.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/demo.svg\" alt=\"mcpmap scan output\" width=\"740\" /\u003e\n\u003c/p\u003e\n\n---\n\n## Features\n\n- 24 detection rules across CRITICAL / HIGH / MEDIUM / LOW severity\n- Supports Claude Desktop `claude_desktop_config.json`, MCP config format, OpenAI tool definitions, and remote HTTP/SSE MCP servers\n- **Entropy-based secret detection**: catches hardcoded secrets even when env var names don't look like keys\n- **Unpinned package detection**: flags `npx -y @pkg/name` without a version pin\n- **Typosquatting detection**: edit-distance comparison against trusted publishers\n- **Adversarial instruction detection**: flags prompt-injection patterns embedded in tool descriptions\n- **Suppression / allow-list** via `.mcpmap-ignore`: silences known findings without losing other coverage\n- **Baseline / diff mode**: `--baseline` shows only what changed since the last scan\n- **Context-aware remediation**: advice names the exact path, key, or package to fix\n- Output formats: Markdown, JSON, HTML (dark-mode report), SARIF (for GitHub Code Scanning)\n- REST API (`mcpmap serve`) for integration with web tooling\n- `--fail-on` flag for CI gate enforcement\n- Custom rules via `--rules` flag\n\n---\n\n## Installation\n\n```bash\npip install mcpmap\n```\n\nOr from source:\n\n```bash\ngit clone https://github.com/bogdanticu88/mcp-map\ncd mcp-map\npip install -e \".[dev]\"\n```\n\nWorks on Windows, macOS, and Linux. Requires Python 3.9+.\n\nSet `NO_COLOR=1` to disable all colour output.\n\n---\n\n## Quick Start\n\n```bash\n# Find your Claude Desktop config (cross-platform)\nmcpmap find\n\n# Scan a config file\nmcpmap scan ~/.config/Claude/claude_desktop_config.json\n\n# Scan a directory for all JSON/YAML configs\nmcpmap scan ./configs/\n\n# Show all built-in detection rules\nmcpmap rules\n\n# Output an HTML report\nmcpmap scan config.json --format html --output report.html\n\n# Fail CI if any HIGH or CRITICAL finding is detected\nmcpmap scan config.json --fail-on HIGH\n\n# Show only new findings since the last scan\nmcpmap scan config.json --save-baseline baseline.json\nmcpmap scan config.json --baseline baseline.json\n```\n\n---\n\n## Claude Desktop Config Location\n\n| OS | Default path |\n|---|---|\n| macOS | `~/Library/Application Support/Claude/claude_desktop_config.json` |\n| Windows | `%APPDATA%\\Claude\\claude_desktop_config.json` |\n| Linux | `~/.config/Claude/claude_desktop_config.json` (or `$XDG_CONFIG_HOME/Claude/`) |\n\nRun `mcpmap find` to check all known paths on your current system.\n\n---\n\n## CLI Reference\n\n```\nmcpmap [OPTIONS] COMMAND [ARGS]...\n```\n\n### `mcpmap scan`\n\n```\nmcpmap scan [OPTIONS] TARGETS...\n```\n\nTARGETS can be individual files or directories. Directories are walked recursively for `.json`, `.yaml`, and `.yml` files.\n\n| Option | Description |\n|---|---|\n| `--format`, `-f` | Output format: `markdown` (default), `json`, `html`, `sarif` |\n| `--output`, `-o` | Write report to file instead of stdout |\n| `--fail-on` | Exit with code 1 if any finding is at or above this severity (`CRITICAL`, `HIGH`, `MEDIUM`, `LOW`) |\n| `--summary` | Print terminal summary table only |\n| `--ascii` | ASCII-only output (no emoji/badges) |\n| `--rules` | Path to custom rules YAML; replaces the built-in rule set |\n| `--ignore-file` | Path to a suppression file (default: `.mcpmap-ignore` in target dir or CWD) |\n| `--no-ignore` | Disable all suppression file loading |\n| `--show-suppressed` | Include suppressed findings in the report |\n| `--baseline` | Path to a previous JSON scan result; marks new findings as NEW |\n| `--save-baseline` | Save current results as a baseline JSON file |\n| `--version`, `-V` | Show version and exit |\n\n### Exit codes\n\n| Code | Meaning |\n|---|---|\n| `0` | No findings at or above the `--fail-on` threshold (or `--fail-on` not set) |\n| `1` | One or more findings at or above the `--fail-on` severity threshold |\n| `2` | Invalid `--rules` or `--baseline` path, target not found, or output file not writable |\n\n### `mcpmap rules`\n\n```\nmcpmap rules [--rules PATH]\n```\n\nLists all detection rules in a table (ID, severity, category, name). Pass `--rules` to preview a custom rules file before using it in a scan.\n\n### `mcpmap find`\n\n```\nmcpmap find\n```\n\nDetects your OS and lists known Claude Desktop config locations, indicating which exist. Prints a ready-to-paste `mcpmap scan` command for found files.\n\n### `mcpmap serve`\n\n```\nmcpmap serve [OPTIONS]\n```\n\n| Option | Description |\n|---|---|\n| `--host` | Bind host (default: `127.0.0.1`) |\n| `--port`, `-p` | Bind port, 1-65535 (default: `8000`) |\n| `--rules` | Path to custom rules YAML |\n\n---\n\n## Suppression / Allow-list\n\nCreate a `.mcpmap-ignore` file in your project root or next to the config file:\n\n```\n# Suppress this rule everywhere\nMCM-014\n\n# Suppress only for the named server\nMCM-010:my-internal-server\n\n# Suppress all findings for a server you've audited\n*:legacy-mcp-server\n```\n\nFormat per line: `RULE_ID` or `RULE_ID:server_name` or `*:server_name`. Lines starting with `#` are comments.\n\nmcpmap looks for `.mcpmap-ignore` adjacent to the first scan target, then in the current working directory. Override with `--ignore-file PATH` or disable entirely with `--no-ignore`.\n\n```bash\n# Scan with a custom suppression file\nmcpmap scan config.json --ignore-file security/approved.ignore\n\n# Show suppressed findings alongside active ones\nmcpmap scan config.json --show-suppressed\n```\n\n---\n\n## Baseline / Diff Mode\n\nTrack what changes between scans. Useful in CI to alert only on regressions.\n\n```bash\n# Step 1: save the current findings as a baseline\nmcpmap scan config.json --save-baseline baseline.json\n\n# Step 2 (later, in CI): compare against it\nmcpmap scan config.json --baseline baseline.json\n```\n\nEach finding in the output is labelled:\n\n- **NEW**: finding did not exist in the baseline\n- **Resolved**: finding was in the baseline but is no longer detected\n- **Unchanged**: present in both (hidden from the diff summary)\n\nCombine with `--fail-on` to fail CI only when new findings are introduced:\n\n```bash\nmcpmap scan config.json --baseline baseline.json --fail-on HIGH\n```\n\n---\n\n## REST API\n\nStart the server:\n\n```bash\nmcpmap serve\n```\n\n### `POST /analyze`\n\nAnalyze a config payload.\n\n```bash\ncurl -s http://localhost:8000/analyze \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"content\": {\n      \"mcpServers\": {\n        \"bash\": {\n          \"command\": \"npx\",\n          \"args\": [\"-y\", \"@anthropic-ai/mcp-server-bash\"],\n          \"env\": {\"API_KEY\": \"sk-...\"}\n        }\n      }\n    },\n    \"filename\": \"config.json\",\n    \"format\": \"json\"\n  }'\n```\n\n**Request fields:**\n\n| Field | Type | Description |\n|---|---|---|\n| `content` | object | The config to analyze |\n| `filename` | string | Hint for format detection (default: `config.json`) |\n| `format` | string | Report format in `report` field: `json`, `markdown`, `html`, `sarif` |\n| `fail_on` | string | Optional severity threshold; sets `failed: true` in response |\n\n**Response:**\n\n```json\n{\n  \"results\": [...],\n  \"summary\": {\"CRITICAL\": 2, \"HIGH\": 1, \"MEDIUM\": 0, \"LOW\": 0, \"TOTAL\": 3},\n  \"failed\": true,\n  \"report\": \"...\"\n}\n```\n\n### `GET /rules`\n\nList all loaded rules with severity, category, and framework mappings.\n\n### `GET /health`\n\nReturns `{\"status\": \"ok\", \"version\": \"...\"}`.\n\n---\n\n## Supported Input Formats\n\n### MCP Config (`claude_desktop_config.json`)\n\nLocal process-based server:\n\n```json\n{\n  \"mcpServers\": {\n    \"filesystem\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"@modelcontextprotocol/server-filesystem@1.2.3\", \"/home/user/projects\"],\n      \"env\": {}\n    }\n  }\n}\n```\n\nRemote HTTP/SSE server (also scanned):\n\n```json\n{\n  \"mcpServers\": {\n    \"remote-assistant\": {\n      \"url\": \"https://mcp.example.com/sse\",\n      \"headers\": {\"Authorization\": \"Bearer sk-...\"}\n    }\n  }\n}\n```\n\n### OpenAI Tool Definitions\n\n```json\n{\n  \"tools\": [\n    {\n      \"type\": \"function\",\n      \"function\": {\n        \"name\": \"run_bash\",\n        \"description\": \"Execute a bash command\",\n        \"parameters\": {\n          \"type\": \"object\",\n          \"properties\": {\"command\": {\"type\": \"string\"}}\n        }\n      }\n    }\n  ]\n}\n```\n\n---\n\n## Rule Set\n\n### CRITICAL\n\n| ID | Name | Category |\n|---|---|---|\n| MCM-001 | Shell / Command Execution Capability | Excessive Agency |\n| MCM-002 | Arbitrary Code Execution Capability | Excessive Agency |\n| MCM-003 | Credential and Secret Store Access | Sensitive Data Exposure |\n| MCM-004 | Process Management Capability | Excessive Agency |\n\n### HIGH\n\n| ID | Name | Category |\n|---|---|---|\n| MCM-005 | Filesystem Write Access | Excessive Agency |\n| MCM-006 | Unrestricted Network Fetch / HTTP Request | Data Exfiltration |\n| MCM-007 | Email Send Capability | Data Exfiltration |\n| MCM-008 | Git Write / Repository Push Access | Supply Chain |\n| MCM-009 | Database Write / Delete Access | Excessive Agency |\n| MCM-010 | API Key or Token Exposed in Server Environment | Sensitive Data Exposure |\n| MCM-011 | Broad Filesystem Access (Root or Home Directory) | Sensitive Data Exposure |\n| MCM-012 | Overprivileged MCP Server | Excessive Agency |\n| MCM-020 | Unpinned Package Version in Auto-Accept Runner | Supply Chain |\n| MCM-021 | Adversarial Instructions Embedded in Tool Description | Prompt Injection Risk |\n| MCM-022 | High-Entropy Secret in Server Environment | Sensitive Data Exposure |\n| MCM-024 | Package Name Resembles Trusted Publisher (Typosquatting) | Supply Chain |\n\n### MEDIUM\n\n| ID | Name | Category |\n|---|---|---|\n| MCM-013 | Unrestricted Web Browsing / Browser Automation | Prompt Injection Risk |\n| MCM-014 | Unverified Third-Party MCP Server | Supply Chain |\n| MCM-015 | Tool Missing Description (Tool Confusion Risk) | Tool Confusion |\n| MCM-016 | Sensitive Directory Read Access | Sensitive Data Exposure |\n| MCM-023 | Remote MCP Server over HTTP/SSE | Supply Chain |\n\n### LOW\n\n| ID | Name | Category |\n|---|---|---|\n| MCM-017 | Calendar Write Access | Data Exfiltration |\n| MCM-018 | Social Media Post Capability | Data Exfiltration |\n| MCM-019 | Push Notification Send Capability | Data Exfiltration |\n\nEach finding includes:\n- OWASP LLM Top 10 reference(s)\n- MITRE ATLAS technique reference(s)\n- Context-aware remediation guidance (names the exact path, key, or package to fix)\n- Evidence string (what matched and where)\n\n### Detection techniques\n\n| Rule | Detection method |\n|---|---|\n| MCM-001 to MCM-019 | Pattern matching on server names, package names, tool names, descriptions, env keys, and filesystem paths |\n| MCM-020 | Detects `npx`/`uvx`/`bunx` with `-y`/`--yes` and no version-pinned package arg |\n| MCM-021 | Matches 20+ known prompt-injection phrase patterns in tool descriptions |\n| MCM-022 | Shannon entropy \u003e= 4.5 bits/char on env variable values \u003e= 20 chars (with URL/path exclusions) |\n| MCM-023 | Detects servers configured with a `url` field instead of a local `command` |\n| MCM-024 | Levenshtein distance \u003c= 2 between package scope and trusted publisher names |\n\n---\n\n## Custom Rules\n\nExtend or replace the built-in rules with your own YAML file:\n\n```yaml\nrules:\n  - id: CUSTOM-001\n    name: My Custom Rule\n    description: Detects a dangerous pattern specific to our environment.\n    severity: HIGH\n    category: Excessive Agency\n    owasp_llm:\n      - id: LLM06\n        name: \"Excessive Agency\"\n        url: \"https://genai.owasp.org/llmrisk/llm06-excessive-agency/\"\n    mitre_atlas:\n      - id: AML.T0051.001\n        name: \"LLM Prompt Injection: Indirect\"\n        url: \"https://atlas.mitre.org/techniques/AML.T0051.001\"\n    remediation: Remove or gate this tool behind human confirmation.\n    detection:\n      tool_name_patterns:\n        - my_dangerous_tool\n      tool_description_keywords:\n        - dangerous operation\n```\n\n```bash\nmcpmap scan config.json --rules my_rules.yaml\n\n# Preview which rules would be loaded\nmcpmap rules --rules my_rules.yaml\n```\n\n### Detection fields\n\n| Field | Type | Description |\n|---|---|---|\n| `server_name_patterns` | list[str] | Substring match on server name |\n| `package_patterns` | list[str] | Substring match on package name |\n| `broad_path_patterns` | list[str] | Exact or subdirectory-prefix match on args |\n| `sensitive_path_patterns` | list[str] | Substring match on args |\n| `env_key_patterns` | list[str] | Substring match on env variable keys |\n| `env_value_entropy_threshold` | float | Flag env values with Shannon entropy above this level |\n| `env_value_min_length` | int | Minimum value length for entropy check (default: 20) |\n| `tool_name_patterns` | list[str] | Substring match on tool name |\n| `tool_description_keywords` | list[str] | Substring match on tool description |\n| `description_injection_patterns` | list[str] | Adversarial phrases to detect in tool descriptions |\n| `parameter_names` | list[str] | Substring match on tool parameter names |\n| `check_empty_description` | bool | Flag tools with no description |\n| `check_unpinned_package` | bool | Flag auto-accept runners without a version pin |\n| `check_remote_server` | bool | Flag servers configured with a `url` field |\n| `check_typosquatting` | bool | Enable edit-distance check against trusted publishers |\n| `typosquatting_distance` | int | Maximum edit distance to flag (default: 2) |\n| `trusted_package_prefixes` | list[str] | Trusted publisher prefixes for supply chain checks |\n| `high_risk_tool_threshold` | int | Number of high-risk findings to trigger MCM-012 |\n\n---\n\n## CI/CD Integration\n\n### GitHub Actions\n\n```yaml\n- name: Scan MCP config\n  run: |\n    pip install mcpmap\n    mcpmap scan claude_desktop_config.json --fail-on HIGH --format sarif --output mcpmap.sarif\n\n- name: Upload SARIF to Code Scanning\n  uses: github/codeql-action/upload-sarif@v3\n  with:\n    sarif_file: mcpmap.sarif\n```\n\nWith baseline diff to fail only on new regressions:\n\n```yaml\n- name: Restore baseline\n  uses: actions/cache@v4\n  with:\n    path: mcpmap-baseline.json\n    key: mcpmap-baseline-${{ github.base_ref }}\n\n- name: Scan MCP config\n  run: |\n    pip install mcpmap\n    mcpmap scan config.json \\\n      --baseline mcpmap-baseline.json \\\n      --save-baseline mcpmap-baseline.json \\\n      --fail-on HIGH\n\n- name: Save updated baseline\n  uses: actions/cache@v4\n  with:\n    path: mcpmap-baseline.json\n    key: mcpmap-baseline-${{ github.ref_name }}\n```\n\n### Pre-commit Hook\n\n```yaml\nrepos:\n  - repo: local\n    hooks:\n      - id: mcpmap\n        name: mcpmap MCP security scan\n        entry: mcpmap scan\n        args: [\"--fail-on\", \"CRITICAL\"]\n        language: python\n        files: \"claude_desktop_config\\\\.json|mcp.*\\\\.json\"\n```\n\n---\n\n## Docker\n\n```bash\ndocker build -t mcpmap .\ndocker run --rm -v $(pwd):/work mcpmap scan /work/config.json\n```\n\n---\n\n## Development\n\n```bash\npip install -e \".[dev]\"\npytest\nruff check mcpmap/\n```\n\nYou can also invoke the CLI as a module:\n\n```bash\npython -m mcpmap scan config.json\npython -m mcpmap find\npython -m mcpmap rules\n```\n\n---\n\n## Security Framework Mapping\n\nmcpmap findings map to:\n\n- **[OWASP LLM Top 10](https://genai.owasp.org/)**: LLM01 Prompt Injection, LLM02 Sensitive Information Disclosure, LLM03 Supply Chain, LLM06 Excessive Agency\n- **[MITRE ATLAS](https://atlas.mitre.org/)**: AML.T0051.000 (Direct Prompt Injection), AML.T0051.001 (Indirect Prompt Injection), AML.T0054 (LLM Jailbreak), AML.T0048 (Societal Harm)\n\n---\n\n## Limitations\n\nmcpmap is a static analyzer. It reads configuration files without executing any code or making network requests.\n\n- It cannot detect runtime misconfigurations or vulnerabilities introduced after the agent starts.\n- Entropy-based secret detection (MCM-022) may produce false positives on long random-looking values (e.g., base64-encoded certificates, concatenated UUIDs). Use `.mcpmap-ignore` to suppress confirmed non-secrets.\n- Typosquatting detection (MCM-024) compares the package scope against a built-in list of trusted publishers. Publishers not in that list are not checked.\n- Pattern matching rules (MCM-001 to MCM-019) look for known-dangerous names and capabilities. Novel tools with custom names that wrap dangerous operations are not detected unless they match a known pattern or custom rule.\n- mcpmap does not perform sandbox execution, import analysis, or dynamic taint analysis.\n\n---\n\n## License\n\nMIT. See [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbogdanticu88%2Fmcp-map","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbogdanticu88%2Fmcp-map","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbogdanticu88%2Fmcp-map/lists"}