Loading connector details…
Pentesting MCP Servers Checklist
MCPOpen SourceCC-BY-4.053.0
by appsecco • Uncategorized
A community-driven checklist for pentesting Model Context Protocol (MCP) servers.
Example Use Cases
- 1
Identify local MCP server security risks such as secrets exposure and dangerous functions.
- 2
Validate remote MCP server boundaries including authorization and telemetry consistency.
- 3
Analyze MCP server traffic for unexpected tool chaining and context injection.
Description
This repository provides a practical and structured checklist designed to help security practitioners systematically assess the risks and vulnerabilities of MCP servers. It covers local and remote server checks, traffic analysis, and common attack surfaces such as file system access, tool execution, and authorization flows. The checklist is intended to support repeatable and thorough security assessments of MCP-based tools, agents, and integrations.
Quick Actions
Security
Scanned 1 month(s) agoRisk Level
MINIMAL
Read-only data retrieval, no side effects
Trust Score
C51/100
6/17 checks passed
Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.
Quick Stats
Service TypeMCP
Pricing ModelFree
Capabilities0 Tools / 0 Prompts / 0 Resources
Ownerappsecco
CategoryUncategorized
DependenciesStandalone
Tags
agentic-aiai-securityappseccollm-securitymcpmcp-securitymcp-serverpenetration-testingpentestingsecurity-checklist