安全 MCP | Security

中文 English

中文

密钥管理、漏洞扫描、代码安全审计等安全相关 MCP 服务器。

注意:安全类 MCP 应严格遵循最小权限原则,仅授予必要访问权限。

密钥与凭证管理

名称 厂商 描述 语言 Stars
1Password MCP 社区 1Password 金库集成,密钥与凭证安全读取 TypeScript
Infisical MCP Infisical 官方 开源密钥管理与注入 JavaScript
HashiCorp Vault MCP 社区 Vault 动态密钥与 Secret 管理 Go

代码安全扫描

名称 厂商 描述 语言 Stars
Semgrep MCP Semgrep 官方 静态代码安全分析 Python
Snyk MCP 社区 开源依赖漏洞与许可证检测 JavaScript
OSV MCP 社区 OSV.dev 漏洞数据库集成,依赖漏洞分析 Go
Snyk Agent Scan Snyk 官方 AI 代理和 MCP 服务器安全扫描 Python

渗透测试

名称 厂商 描述 语言 Stars
Bolt 社区 Docker 化 Kali Linux 安全工具,100+ 渗透测试工具 TypeScript
Kastell 社区 服务器安全审计(413 项检查,29 个类别) TypeScript
Beagle Security MCP Beagle Security 官方 自动化渗透测试和攻击面管理 TypeScript
Operant MCP 社区 网络取证、内存分析和漏洞评估,51 个安全工具 TypeScript

运行时安全

名称 厂商 描述 语言 Stars
Runtime Guard 社区 阻止危险操作如 rm -rf、敏感文件访问、权限提升 TypeScript
AgentWard 社区 AI 代理权限控制平面,代码级安全策略 TypeScript

云安全

名称 厂商 描述 语言 Stars
Tenzir MCP Tenzir 官方 安全数据管道和 OCSF 标准化 Python
StepSecurity MCP StepSecurity 官方 供应链和 CI/CD 安全问题调查 TypeScript
Kastell 社区 Hetzner、DigitalOcean、Vultr、Linode 服务器强化 TypeScript

威胁情报

名称 厂商 描述 语言 Stars
Mallory MCP 社区 实时网络威胁情报和漏洞信息 Python
Kaspersky OpenTIP Kaspersky 官方 卡巴斯基威胁情报平台 Python
urlDNA MCP 社区 URL 扫描和恶意内容分析 Python

身份与密钥安全

名称 厂商 描述 语言 Stars
PiQrypt MCP 社区 后量子密码学证明和安全审计追踪 TypeScript
Agent Receipts 社区 AI 代理加密问责,Ed25519 签名收据 TypeScript

MCP 安全评估

名称 厂商 描述 语言 Stars
MCP Shield 社区 MCP 服务器安全扫描 TypeScript
MCPSafetyScanner 社区 自动化 MCP 安全审计和修复 Python
cisco-mcp-scanner Cisco 官方 MCP 服务器威胁扫描 Python

隐私合规

名称 厂商 描述 语言 Stars
PageGuard MCP 社区 隐私合规检测,追踪技术、Cookie 和第三方数据收集 TypeScript
MCP Presidio 社区 PII 检测和匿名化,支持 25+ 种个人信息类型 TypeScript
Vaulted 社区 端到端加密、自毁式秘密共享,零知识加密 TypeScript

English

MCP servers for secret management, vulnerability scanning, and code security auditing.

Note: Security MCP servers should follow the principle of least privilege — only grant necessary access.

Secret & Credential Management

Name Vendor Description Language Stars
1Password MCP Community 1Password vault integration for secrets and credentials TypeScript
Infisical MCP Infisical Official Open-source secret management and injection JavaScript
HashiCorp Vault MCP Community Vault dynamic secrets and secret management Go

Code Security Scanning

Name Vendor Description Language Stars
Semgrep MCP Semgrep Official Static code security analysis Python
Snyk MCP Community Open-source dependency vulnerability detection JavaScript
OSV MCP Community OSV.dev vulnerability database integration Go
Snyk Agent Scan Snyk Official Security scanner for AI agents and MCP servers Python

Penetration Testing

Name Vendor Description Language Stars
Bolt Community Docker-based Kali Linux security tools, 100+ pen testing tools TypeScript
Kastell Community Server security auditing (413 checks, 29 categories) TypeScript
Beagle Security MCP Beagle Security Official Automated penetration testing and attack surface management TypeScript
Operant MCP Community Network forensics, memory analysis, and vulnerability assessment, 51 tools TypeScript

Runtime Security

Name Vendor Description Language Stars
Runtime Guard Community Blocks dangerous operations: rm -rf, sensitive file access, privilege escalation TypeScript
AgentWard Community AI agent permission control plane with code-level policies TypeScript

Cloud Security

Name Vendor Description Language Stars
Tenzir MCP Tenzir Official Security data pipelines and OCSF mapping Python
StepSecurity MCP StepSecurity Official Supply chain and CI/CD security investigation TypeScript
Kastell Community Server hardening for Hetzner, DigitalOcean, Vultr, and Linode TypeScript

Threat Intelligence

Name Vendor Description Language Stars
Mallory MCP Community Real-time cyber threat intelligence and vulnerability information Python
Kaspersky OpenTIP Kaspersky Official Kaspersky threat intelligence platform Python
urlDNA MCP Community URL scanning and malicious content analysis Python

Identity & Key Security

Name Vendor Description Language Stars
PiQrypt MCP Community Post-quantum cryptographic proofs and secure audit trails TypeScript
Agent Receipts Community Cryptographic accountability for AI agents with Ed25519-signed receipts TypeScript

MCP Security Assessment

Name Vendor Description Language Stars
MCP Shield Community Security scanner for MCP servers TypeScript
MCPSafetyScanner Community Automated MCP safety auditing and remediation Python
cisco-mcp-scanner Cisco Official Threat scanning for MCP servers Python

Privacy & Compliance

Name Vendor Description Language Stars
PageGuard MCP Community Privacy compliance detection for tracking tech, cookies, third-party data TypeScript
MCP Presidio Community PII detection and anonymization for 25+ PII types TypeScript
Vaulted Community End-to-end encrypted, self-destructing secrets sharing TypeScript