Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.
npx -y tooltrust-mcpAdd this server entry to the mcpServers object in your Claude Desktop config, then restart the app.
{
"mcpServers": {
"io-github-agentsafe-ai-tooltrust-scanner": {
"command": "npx",
"args": [
"-y",
"tooltrust-mcp"
]
}
}
}~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.jsonNo remote HTTP endpoint is advertised. Use the package or stdio setup shown in Install.
ToolTrust Scanner is an MCP server for Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.. It supports STDIO transport.
Use the generated config in Install. This server runs with npx -y tooltrust-mcp; add any required environment variables before starting your client.
Choose the Claude Desktop tab in Install and copy the config for npx -y tooltrust-mcp. Add required environment variables before starting Claude Desktop.
Choose the Claude Code tab in Install and copy the config for npx -y tooltrust-mcp. Add required environment variables before starting Claude Code.
Choose the Codex tab in Install and copy the config for npx -y tooltrust-mcp. Add required environment variables before starting Codex.
Choose the Cursor or VS Code tab in Install and copy the config for npx -y tooltrust-mcp. Add required environment variables before starting Cursor or VS Code.
ToolTrust Scanner uses STDIO transport. Use the package or command config in Install.
ToolTrust Scanner inventory is listed when the MCP endpoint exposes tools, resources, or prompts. Some servers require auth first.
ToolTrust Scanner does not advertise a verified auth requirement. If discovery fails, it may still need provider login, an API key, a bearer token, or a session header.
| Package | Registry | Version | Inputs |
|---|---|---|---|
tooltrust-mcpstdio | npm | 1.0.9 | None advertised |