Dev.to
6/24/2026

I got nervous about installing MCP servers, so I built a scanner for them
Short summary
frisk is a lightweight, offline static scanner for vetting MCP servers before installation—it flags shell piping, secret exfiltration, destructive commands, prompt injection, and hidden zero-width unicode tricks. Developers can pin and verify tool descriptions never drift, auditing already-installed skills against OWASP LLM Top 10 patterns. Available as a pip package with MIT licensing; the author deliberately avoided network calls, making it safe to run on untrusted code.
- •Static scanner flags dangerous MCP patterns: shell piping, secret theft, destructive commands, prompt injection, zero-width unicode
- •Pinning and verification ensures installed tools remain trustworthy over time
- •Runs entirely offline with stdlib-only Python for safety and dependency-free operation
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



