Agentic-MCP-Scanner

What the project does

A multi‑agent security pipeline that scans GitHub repositories implementing the Model Context Protocol (MCP) and other LLM‑integrated systems, automatically detecting classic code vulnerabilities, MCP‑specific risks, and AI‑related threats, then generates comprehensive markdown (or PDF) security reports.

Key features

Multi‑agent architecture (scraper, analyzer, threat‑intel, report generator)

GitHub repository ingestion and selective file filtering

Real‑time threat intelligence via Firecrawl and external URLs

Detection of classic bugs (SQLi, XSS, etc.) plus MCP‑specific issues (prompt injection, tool misuse, memory poisoning, credential harvesting) and LLM attacks (model inversion, data poisoning)

CVSS & SSVC scoring, executive summary, mitigation recommendations

CLI (`mcpvuln`) and Python API for programmatic use

Markdown and optional PDF report output

Tech stack

Python 3.8+

agno (multi‑agent framework)

gitingest (repo ingestion)

firecrawl (threat intel)

google‑generativeai (Gemini LLM) & OpenAI API support

fpdf (PDF generation)

dotenv for configuration

Use case

Security engineers, DevSecOps teams, or researchers need an automated tool to audit MCP‑based applications and LLM‑enhanced services for both traditional software flaws and emerging AI‑centric vulnerabilities, integrating up‑to‑date threat data and delivering actionable reports.

System Overview

What the project does

Key features

Tech stack

Use case

Architecture Details

Backend Infrastructure

AI / Logic Core

Tech Stack

Key Capabilities