misconfigs Beta

MCP config scanner & AI security scanner before agents reach production.

Upload MCP configs, agent settings, prompts, tool definitions, and RAG pipelines. Our AI scanner runs five targeted scanners to surface permission risks, dangerous tools, prompt leakage, SSRF, tool chaining, and data exposure — plus intent vs. reality gaps where agents are described as read-only but enable shell or filesystem tools.

Scanners: 5 AI scanners
Supported formats: JSON · YAML · MD
Assessment report: PDF

What we scan for

MCP Scanner

Dangerous tools, prompt leakage, permission escalation, and tool chaining risks across MCP server configs.

Agent Config Scanner

Excessive permissions, unsafe tool access, and autonomous execution risks in agent settings.

Prompt Security Scanner

Hidden secrets, system prompt leakage, and prompt injection vulnerabilities in prompt files.

Tool Definition Scanner

Dangerous shell access, SSRF-capable tools, file deletion capabilities, and arbitrary code execution.

RAG Security Scanner

Sensitive documents indexed, PII exposure, and access control gaps in retrieval pipelines.

Security report

Download a PDF with findings grouped by scanner category, severity, and remediation guidance.

API quickstart

Scan via REST with your API key — same engines as the upload form.

Example request

curl -X POST "http://api.misconfigs.com/api/v1/ai?format=json&fail_on=critical,high" \
  -H "X-API-Key: mc_your_key" \
  -F "file=@sample/ai/mcp.json"

Run an AI security scan

Upload MCP, agent, prompt, tool, or RAG configs — or zip them together

MCP · agent · prompt · tool · RAG · .zip · max 10 MB

Automated scans only — not a penetration test, compliance audit, or professional security advice. Results may contain false positives or miss issues. You are responsible for validating findings before acting.

The optional scan assistant and Explain actions use Google Gemini (a third-party AI). Responses are generated automatically and may be inaccurate or incomplete — not security, legal, or professional advice. Chat sends finding details, scan summaries, and your messages to Google for processing. Do not include secrets you cannot afford to disclose. Official Terms (AI section) and Privacy Policy (AI section) are the source of truth, not assistant replies.

MCP config scanner for Model Context Protocol servers and AI agents

misconfigs is an MCP scanner for Model Context Protocol server configs (mcp.json), Cursor and Claude Desktop MCP settings, agent definitions, prompts, tool schemas, and RAG pipelines.

The AI security scanner finds dangerous tool exposure, shell access, SSRF-capable tools, prompt injection surfaces, and intent gaps where agents are labeled read-only but enable filesystem or network tools.