Now in Beta — OWASP MCP Top 10 Coverage

Secure your MCP servers before agents connect.

The first API-first security scanner for Model Context Protocol. Detect tool poisoning, excessive permissions, and supply chain risks in seconds.

terminal
# Scan an MCP server config in one call
curl -X POST https://api.ferrok.dev/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "config": {
      "server_url": "https://my-mcp-server.com",
      "tools": [{ ... }]
    }
  }'

# Response
{
  "summary": {
    "score": 42,
    "grade": "D-",
    "pass_fail": "FAIL"
  }
}

Everything you need to ship secure agents.
Four specialized scanners working together, mapped to the OWASP MCP Top 10.

Tool Poisoning Detection

Catches hidden prompt injection, stealth instructions, data exfiltration, and zero-width character attacks in tool descriptions.

Permission Analysis

Flags code execution, filesystem access, database queries, network calls, and credential exposure. Enforces least-privilege.

Schema Validation

Identifies missing schemas, unconstrained inputs, weak type definitions, and description-schema mismatches.

Transport Security

Detects insecure HTTP, hardcoded secrets, npx supply chain risks, deprecated transports, and shell injection.

CI/CD Gate

Returns a clear PASS or FAIL with every scan. Drop into GitHub Actions or any pipeline to block unsafe deploys.

OWASP Mapping

Every finding maps to the official framework. Credible, auditable reports your security team will trust.

Three steps. Seconds to scan.
No agents to install. No dashboards to configure. Just an API call.

1. Send your config

POST your MCP server JSON to the /v1/scan endpoint.

2. We scan everything

Four scanners analyze tools, permissions, schemas, transport, and env vars.

3. Get your report

Receive structured JSON with a score, grade, pass/fail verdict, and findings.

Start free. Scale when ready.
Generous free tier for evaluation. Usage-based pricing that grows with you.
Free
$0/mo
Evaluation & personal projects
  • 100 scans / month
  • All 4 scanners
  • JSON responses
  • Community support
Starter
$19/mo
Indie devs & small teams
  • 2,000 scans / month
  • All 4 scanners
  • Priority response
  • Email support
Enterprise
Custom
Organizations needing SLAs
  • Unlimited scans
  • Custom scanner rules
  • SLA guarantee
  • Dedicated support

Get early access.

Join the waitlist. Early adopters get extended free-tier access.