Scan MCP servers for security risks before your AI agent trusts them. Detects prompt injection, supply chain attacks (including the LiteLLM 1.82.7/1.82.8 backdoor), excessive permissions, arbitrary code execution, typosquatting, and tool shadowing. Add to your .mcp.json and let your agent audit its own tools with tooltrust_scan_config.
Tools
tooltrust_list_rules
tooltrust_lookup
tooltrust_scan_config
tooltrust_scan_server
tooltrust_scanner_scan
Server Config
{
"mcpServers": {
"tooltrust": {
"command": "npx",
"args": [
"-y",
"tooltrust-mcp"
]
}
}
}