Local static analysis for MCP

Verify MCP setup before you run it.

Review config, prompts, tool descriptions, and manifests for risky patterns and over-scoped access. The default scan stays on disk, does not execute tools, and does not connect to the server.

npm npm install -g mcp-preflight

VS Code MCP Preflight: Scan Workspace

Release Single-file CLI bundle from GitHub Releases

Get the extension Install the CLI Compare Pro

Lite local scan, no account, local suppressions Pro reports, hooks, CI mode, presets

Open VSX GitHub Releases npm

Representative scan

One command, readable output.

This is still a static review. It inspects the setup surface before anything is executed.

fail

mcp-preflight scan /workspace/agent-repo

Files reviewed 18

Findings 6

Suppressed 1

Remote MCP URL uses insecure transport error

http://127.0.0.1:8080/mcp with credentials in the URL

Move auth into headers or env-backed fields and switch to HTTPS before first use.

Environment passthrough is broader than needed warning

inheritEnv=true plus named token forwarding

Disable blanket inheritance and pass only the specific variables the server needs.

Floating launcher deserves review warning

npx @example/filesystem-server --path /

Common in quickstarts. Safer once pinned or replaced with a reviewed local install.

Reads .vscode/mcp.json, manifests, prompt resources, tool descriptions, and obvious secret-bearing files.

Static scope

Built around the files that define trust.

The product is narrow on purpose. It focuses on the local setup surface around MCP, not runtime enforcement or live endpoint probing.

What it reviews

The setup surface, not the marketing story.

MCP config files .vscode/mcp.json, editor-specific config locations, and related workspace settings.

Tool and prompt text Descriptions and prompt resources that can hide risky instructions, side effects, or poisoned guidance.

Repo manifests package.json, pyproject.toml, and lockfile presence that affect how servers are installed and reviewed.

Local scope and secrets Environment forwarding, filesystem breadth, obvious secret-bearing files, and install-source drift.

What it can flag

Signals that matter before first use.

credential exposure and token passthrough
over-broad environment and path scope
prompt injection and tool poisoning language
auth, transport, and manifest hygiene problems

Install paths

Three entry points, one scanner.

Extension VS Code Marketplace or Open VSX

npm npm install -g mcp-preflight

Bundle Single-file CLI from GitHub Releases

Boundary

What it is not.

not a hosted scanner
not a runtime gateway
not a SIEM or generic AppSec suite
not live server testing by default

How it fits

Start local. Add workflow controls only when you need them.

Lite

Run a local scan, keep the output readable, and suppress noise with a local ignore file. No account required.

Pro

Add Markdown, HTML, and SARIF reports, plus Git hooks, CI mode, and policy presets when the scan becomes part of review or handoff.

Workflow posture

The scanner stays useful without turning into a dashboard. It is meant to sit next to the editor and terminal, not replace them.

Read the Pro guide Read the rule overview

Trust surface

Enough public material to evaluate it quickly.

Rules See what the scanner checks today.

Guides Read the MCP-specific setup notes on the public site.

Report Preview the output before you install Pro.

Support Async support and policy pages are public.

Privacy Support Terms Refunds

Try it first

Use the extension, the CLI, or the release bundle. The core experience is the same.

Pick the path that matches your workflow and run one scan against a real MCP setup or the bundled example workspace.

Get the extension npm package GitHub Releases