5 tools from the Security Scanner MCP Server, categorised by risk level.
check_cves: Checks a list of MCP server names and optional versions against a database of known CVEs in the MCP ecosystem (covering path traversal, SSRF, auth ...
scan_config: Scans an MCP configuration file (claude_desktop_config.json, .mcp.json, etc.) for security vulnerabilities including hardcoded secrets, excessive p...
scan_tool_definitions: Analyzes MCP tool definitions for security vulnerabilities including prompt injection vectors, tool poisoning patterns, overly broad filesystem acc...
validate_auth: Validates OAuth 2.1, API key, or bearer token authentication configuration for an MCP server. Checks for proper PKCE usage, token storage security,...
The Security Scanner MCP server exposes 5 tools across 2 categories: Read, Write.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Security Scanner server.
Security Scanner tools are categorised as Read (4), Write (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept