Audit the security posture of your MCP servers.
Point Sentinel at a Model Context Protocol endpoint. It enumerates the server's tools, resources, and prompts, then scans them for tool poisoning, excessive scope, leaked secrets, rug pulls, and missing auth — and grades the result.
No agent integration · auth tokens never stored · reports you can re-scan & diff
The MCP failure modes that reach your LLM's context.
Tool poisoning
Hidden instructions smuggled into tool descriptions that fire before any tool is called.
Excessive scope
Filesystem, shell, or network tools requesting far broader permission than they need.
Secret leakage
API keys and tokens echoed back in tool outputs or resource contents.
Rug pulls
Tool definitions that mutate after you grant trust — flagged on re-scan via content hashing.
Missing auth
Sensitive write/delete/exec tools reachable with no authentication challenge.
Transport hygiene
Servers that skip Origin validation or accept requests without a protocol version.
From endpoint to graded report.
New scan
Recent scans
| Grade | Endpoint | Status |
|---|---|---|
| F | api.example.com/mcp | completed |
| A | docs.acme.dev/mcp | completed |
| C | tools.internal/mcp | completed |
Scan report
api.example.com/mcp 1 critical 3 high 3 medium