# SecurityScan MCP server

Scan GitHub-hosted AI skills for vulnerabilities: prompt injection, malware, OWASP LLM Top 10.

## Links
- Registry page: https://www.getdrio.com/mcp/net-apisecurityscan-securityscan
- Repository: https://github.com/securityscan-api/securityscan-api
- Website: https://apisecurityscan.net

## Install
- Endpoint: https://apisecurityscan.net/mcp
- Auth: Auth required by registry metadata

## Setup notes
- Remote header: X-API-Key (required; secret)
- The upstream registry signals required auth or secrets.
- Remote endpoint: https://apisecurityscan.net/mcp
- Header: X-API-Key

## Tools
- scan_skill - 
    Scan a GitHub repository or skill URL for security vulnerabilities.

    This tool performs static analysis and AI-powered detection to identify:
    - Hardcoded credentials and API keys
    - Remote code execution patterns
    - Data exfiltration attempts
    - Privilege escalation risks
    - OWASP LLM Top 10 vulnerabilities

    Requires a valid X-API-Key header. Cached results (24h) do not consume credits.

    Args:
        skill_url: GitHub repository URL (e.g., https://github.com/owner/repo)
                   or raw file URL to scan

    Returns:
        ScanResult with security score (0-100), recommendation, and detected issues.
        Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS.

    Example:
        scan_skill("https://github.com/anthropics/anthropic-sdk-python")
     Endpoint: https://apisecurityscan.net/mcp
- get_report - 
    Get the public security report for a skill.

    Returns the most recent scan results and certification status.
    This is useful to check if a skill has been previously scanned
    without triggering a new scan. Does not consume scan credits.

    Args:
        skill_url: The skill URL to get the report for

    Returns:
        ReportResult with score, certification status, and issues summary.
        Returns error if no report exists for this URL.

    Example:
        get_report("https://github.com/jlowin/fastmcp")
     Endpoint: https://apisecurityscan.net/mcp
- check_certification - 
    Check if a skill has been certified as safe.

    Certification indicates the skill has been scanned, reviewed,
    and approved by a human administrator. Certified skills have
    a cryptographic hash that can be verified. Does not consume scan credits.

    Args:
        skill_url: The skill URL to check certification for

    Returns:
        CertificationResult indicating if the skill is certified,
        along with certification details if available.

    Example:
        check_certification("https://github.com/anthropics/anthropic-cookbook")
     Endpoint: https://apisecurityscan.net/mcp

## Resources
- stats://overview - Get overview statistics of the SecurityScan service. MIME type: text/plain

## Prompts
Not captured

## Metadata
- Owner: net.apisecurityscan
- Version: 1.0.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: Mar 2, 2026
- Source: https://registry.modelcontextprotocol.io