MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.


© 2026 MCPSafe. All rights reserved.


FAQ

Frequently asked questions about MCPSafe.

What is MCPSafe?

MCPSafe is a security scanner for MCP (Model Context Protocol) servers — the plugins that give AI assistants like Claude, Cursor, and Windsurf access to tools. MCPSafe checks for prompt injection, secret exfiltration, over-broad permissions, destructive tools, supply-chain risk, and other AI-specific vulnerabilities before you connect a server to your AI environment.

Does scanning require an account?

No. Public scans work without authentication. An account gives you scan history, higher rate limits, API keys, and private scan results (paid plans).

How long does a scan take?

It depends on the mode:

  • Fast scan — target p95 under 3 minutes, hard cap at 20 min
  • Deep scan — target p95 under 20 minutes, hard cap at 30 min

Cached results (recently scanned packages) return instantly regardless of mode.

What's the difference between Fast and Deep?

Fast runs T1 rules — pattern, manifest, and supply-chain checks across the full rule catalog. Deep runs T1 + T2 rules (taint analysis, AI-assisted semantic checks) plus a 5-model judge panel that votes on each tool handler. The judge panel adjusts the score; rule findings drive the verdict either way. See Methodology for the full breakdown.

What does "cached" mean on a scan result?

If the same package was scanned recently, MCPSafe returns the cached result to save time. The scan report header shows the cache date. Click "Rescan" to force a fresh scan (subject to rate limits).

What package types are supported?

  • npm — scoped (@scope/pkg) and bare (express)
  • PyPI — pypi: prefix or version pin (pypi:requests==2.31.0)
  • GitHub — full URL (github.com/owner/repo) or shorthand (owner/repo)
  • Docker — docker:image:tag, plus GHCR / GCR / MCR
  • Official MCP Registry — io.github.* and other reverse-domain IDs

Full reference at Input formats.
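The five input shapes listed above overlap (a bare npm name, a GitHub `owner/repo` shorthand and a reverse-domain registry ID are all slash-or-dot separated strings), so a client that wraps the scan API benefits from normalizing targets before submission. The classifier below is an added example, not MCPSafe's own parser; the matching rules are inferred from the FAQ list and are assumptions, and the `ScanTarget` type and `classify_target` name are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ScanTarget:
    ecosystem: str           # "npm" | "pypi" | "github" | "docker" | "registry"
    name: str                # normalized package, repo or image name
    version: Optional[str]   # version pin or image tag, None when not given


# Patterns inferred from the FAQ's input list (assumption: not MCPSafe's own grammar).
_GITHUB_URL = re.compile(r"^(?:https?://)?(?:www\.)?github\.com/([\w.-]+)/([\w.-]+?)(?:\.git)?/?$")
_OWNER_REPO = re.compile(r"^([\w.-]+)/([\w.-]+)$")
_NPM_SCOPED = re.compile(r"^@[a-z0-9][\w.-]*/[a-z0-9][\w.-]*$")
_NPM_BARE = re.compile(r"^[a-z0-9][\w.-]*$")
# Reverse-domain registry IDs such as io.github.owner.server: TLD-like first label, 3+ labels.
_REVERSE_DOMAIN = re.compile(r"^[a-z]{2,4}(?:\.[\w-]+){2,}$")


def classify_target(raw: str) -> ScanTarget:
    """Map one user-supplied scan input to (ecosystem, name, version); raise on junk."""
    s = raw.strip()
    if not s or any(c.isspace() for c in s):
        raise ValueError(f"malformed scan target: {raw!r}")
    if s.startswith("pypi:"):
        name, _, pin = s[len("pypi:"):].partition("==")
        if not name:
            raise ValueError(f"empty PyPI name: {raw!r}")
        return ScanTarget("pypi", name.lower(), pin or None)
    if s.startswith("docker:"):
        ref = s[len("docker:"):]
        # A ':' is a tag separator only after the last '/', so a registry host
        # port (ghcr.io:443/owner/image) is not mistaken for a tag.
        image, tag = ref, None
        if ":" in ref.rsplit("/", 1)[-1]:
            image, _, tag = ref.rpartition(":")
        if not image:
            raise ValueError(f"empty image reference: {raw!r}")
        return ScanTarget("docker", image, tag)
    m = _GITHUB_URL.match(s)
    if m:
        return ScanTarget("github", f"{m.group(1)}/{m.group(2)}", None)
    if _NPM_SCOPED.match(s):            # '@scope/pkg' before the owner/repo check
        return ScanTarget("npm", s, None)
    m = _OWNER_REPO.match(s)
    if m:
        return ScanTarget("github", f"{m.group(1)}/{m.group(2)}", None)
    if _REVERSE_DOMAIN.match(s):        # dotted IDs before the bare-npm fallback
        return ScanTarget("registry", s, None)
    if _NPM_BARE.match(s):
        return ScanTarget("npm", s, None)
    raise ValueError(f"unrecognised scan target: {raw!r}")
```

The order of checks is what resolves the ambiguities: prefixed forms first, then the GitHub URL, then the scoped npm name, and only then the slash shorthand and the dotted registry ID.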

Is the scan result public?

Public scans (the default) have a public permalink (mcpsafe.io/scan/<id>) and appear in the public registry. Private scans require a paid plan and are isolated to your account; they never appear in the registry and cannot be read by anyone else.

Visibility is fixed at submission time — you can't flip a public scan to private (or vice versa) after it runs.

What is AIVSS?

AIVSS (AI Vulnerability Severity Score) is MCPSafe's scoring model adapted from CVSS for AI tool use. It scores vulnerabilities on a 0–10 scale accounting for AI-specific factors like autonomous tool chaining and prompt injection. See AIVSS Scoring for full details.

Can MCPSafe scan private npm packages or private GitHub repos?

Yes — paid plans support token-based private scans for GitHub repos, npm packages, PyPI packages, Docker Hub images, and GHCR images. You supply a read-only token at submission; it's used once for the download and never logged or stored. The scan result stays in your account only.

How do I use the scan badge?

Add this markdown to your README:

![MCPSafe](https://api.mcpsafe.io/api/badge/{scan_id})

Replace {scan_id} with the ID from your scan result. The badge auto-updates when you rescan.

What are the rate limits?

Per-tier monthly caps for API-key requests:

| Tier                | Public scans / month | Deep scans / month | Burst (req / min) |
|---------------------|----------------------|--------------------|-------------------|
| Anonymous (no auth) | — (10 / day cap)     | 0                  | 3                 |
| Free (signed in)    | — (20 / day cap)     | 6 / week           | 5                 |
| Developer           | 200                  | 20                 | 10                |
| Team                | 2,000                | 60                 | 20                |
| Business            | 20,000               | 180                | 30                |

Requests are bucketed across minute / day / week / month windows. See API Overview — Rate limits for the full picture.

How do I report a false positive?

Each finding card on the scan report has a Report false positive → link that opens a pre-filled email to fp@mcpsafe.io with the scan ID, rule ID, file path, and severity attached. We review reports weekly and tune the rule. (A self-service queue UI is on the roadmap.)

Is the rule set transparent?

Yes — every active rule is listed at /threats/coverage with its threat-model mapping.
