MCPSafe.io

Pay for what you scan.

Static scans are free forever. Paid plans add private repos and live dynamic scans. Cancel any time.

Free

$0
  • ✓ Static scan (source code) — unlimited
  • ✓ No credit card required
  • ✓ Public scans
  • ✓ 1 deep scan/day · 4/week (public only)
  • ✓ Badge embed
  • ✓ Scan history (signed-in)
  • ✓ Community support

Developer

$19/mo
  • ✓ Static scan (source code) — unlimited
  • ✓ 1 user
  • ✓ Public and Private scans
  • ✓ 20 public + 20 private deep scans/month
  • ✓ LLM consensus panel
  • ✓ API key access
  • ✓ Badge embed
  • ✓ Scan history
  • ✓ Email support
Most popular

Team

$49/mo
  • ✓ Static scan (source code) — unlimited
  • ✓ 5 seats included
  • ✓ Public and Private scans
  • ✓ 60 public + 40 private deep scans/month
  • ✓ LLM consensus panel
  • ✓ API key access
  • ✓ Badge embed
  • ✓ Scan history
  • ✓ Email support

Business

$149/mo
  • ✓ Static scan (source code) — unlimited
  • ✓ 20 seats included
  • ✓ Public and Private scans
  • ✓ 180 public + 120 private deep scans/month
  • ✓ LLM consensus panel
  • ✓ API key access
  • ✓ Badge embed
  • ✓ Scan history
  • ✓ Priority support

Cancel anytime from the billing portal.

Public static scanning stays free forever. MCPSafe also runs a free, responsible-disclosure security research program against public MCP servers and notifies owners directly — that's our research, not a product. The credits below pay only for the new live Dynamic Scan, which connects to a running MCP server you operate or are authorized to test.

Dynamic scanning — pay as you go

Probe a running MCP server live. Different from the free static (source-code) scan.

2 scans free for signed-in users. Then 1 credit per scan. Credits last 12 months.

Checkout is hosted by Stripe. No card data ever touches MCPSafe. See the Acceptable Use Policy before running a scan against a third-party server.

Static scanning — included in every paid plan

Public and Private scans

Scan public or private GitHub repos, npm packages, PyPI packages, and Docker images (Docker Hub + GHCR). Fair-use rate limits apply.

Fast + Deep scan modes

Fast (≤5 min) for CI/CD. Deep (≤20 min) adds LLM consensus across 5 judges for high-stakes reviews.

LLM consensus panel

5 independent LLM judges vote on each finding. Consensus reduces false positives; abstentions surface findings that need a human look.

Embeddable safety badges

Drop a Markdown or HTML snippet into your README. Badge updates as your scan grade changes.

REST API access

Mint API keys for CI/CD and integrations. Bearer-token auth, per-key rate limits, monthly scan quota that scales with your plan. Documented at /docs/api.

Email support

Reach the team for scan issues, false positives, or rule questions. Business tier gets priority routing.

FAQ

Can I cancel any time?

Yes. Cancel from the billing portal in one click. Your access continues until the end of the current billing period.

What counts as a seat?

One seat = one user invited to your organization. Developer includes 1 seat. Team includes 5. Business includes 20. Seat counts are fixed — upgrade to the next tier if you need more.

What are the rate limits on each plan?

Rate limits scale with plan and run on separate buckets for public and private scans.

Public scans:
  • Free: 20/day (1 deep)
  • Developer: 60/day (10 deep), 200/month (20 deep)
  • Team: 200/day (20 deep), 2,000/month (60 deep)
  • Business: 500/day (25 deep), 20,000/month (180 deep)

Private scans (paid only):
  • Developer: 60/day (6 deep), 70/month (20 deep)
  • Team: 200/day (15 deep), 700/month (40 deep)
  • Business: 500/day (25 deep), 4,000/month (120 deep)

Deep scans have a separate sub-cap because they run LLM consensus + AI-powered rules. Daily limits reset at midnight UTC; monthly limits reset on the 1st. Limits can be raised on request.

Can I upgrade or downgrade later?

Yes. Change plans any time from the billing portal. Proration is handled automatically — you're billed the difference immediately on upgrade, credited on downgrade.

What's included in the free tier?

Signed-in free users get public scans, the badge embed, and both Fast and Deep modes — capped at 20 public scans/day with 1 Deep scan/day. Anonymous visitors can run Fast scans only (20/day); sign in with GitHub or Google to unlock Deep mode. Paid plans add private repo scanning and higher daily/monthly limits.

Do you offer annual billing?

Yes. Annual plans save 15–17% versus monthly. All tiers offer both options — switch between them at any time in the billing portal.

Questions? info@mcpsafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.

© 2026 MCPSafe. All rights reserved.