Back to feed
Dev.to
Dev.to
6/24/2026
I got nervous about installing MCP servers, so I built a scanner for them

I got nervous about installing MCP servers, so I built a scanner for them

Short summary

frisk is a lightweight, offline static scanner for vetting MCP servers before installation—it flags shell piping, secret exfiltration, destructive commands, prompt injection, and hidden zero-width unicode tricks. Developers can pin and verify tool descriptions never drift, auditing already-installed skills against OWASP LLM Top 10 patterns. Available as a pip package with MIT licensing; the author deliberately avoided network calls, making it safe to run on untrusted code.

  • Static scanner flags dangerous MCP patterns: shell piping, secret theft, destructive commands, prompt injection, zero-width unicode
  • Pinning and verification ensures installed tools remain trustworthy over time
  • Runs entirely offline with stdlib-only Python for safety and dependency-free operation

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more