Agentlint – A security scanner for MCP server configs

Agentlint, a security scanner for MCP server configs, has been released to detect dangerous permissions, hardcoded secrets, and missing guardrails before deployment. The tool scans configuration files and assigns risk scores from 1 to 10, flagging critical issues like hardcoded API keys and broad filesystem access. It aims to address the growing security surface of AI agents by providing a standard auditing mechanism.

A security scanner for MCP server configs — catch dangerous permissions, hardcoded secrets, and missing guardrails before you ship.

```bash
pip install leporis-agentlint
```

```bash
$ agentlint scan mcp.json
┌──────────────────────────────────────────────────────┐
│ github-server .... 6/10                              │
│ Hardcoded secret: env var 'GITHUB_TOKEN'             │
│ contains a literal secret value.                     │
│ No approval gate: server is missing                  │
│ 'requireApproval' or 'humanInLoop' field.            │
└──────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┐
│ filesystem ..... 5/10                                │
│ Broad filesystem access: arg '/home' exposes         │
│ sensitive paths.                                     │
│ No approval gate: server is missing                  │
│ 'requireApproval' or 'humanInLoop' field.            │
└──────────────────────────────────────────────────────┘
┌─────────────────── Summary ──────────────────────────┐
│ Servers scanned      2                               │
│ Average risk score   5.5 / 10                        │
│ Critical findings    2                               │
│ Warnings             2                               │
│ Total findings       4                               │
└──────────────────────────────────────────────────────┘

Highest-Risk Servers
Server           Score
github-server .... 6/10
filesystem ..... 5/10
```

```bash
$ agentlint scan mcp.json --json
{
  "github-server": {
    "score": 6,
    "findings": [
      {"level": "critical", "detail": "Hardcoded secret: env var 'GITHUB_TOKEN' contains a literal secret value."},
      {"level": "warning", "detail": "No approval gate: server is missing 'requireApproval' or 'humanInLoop' field."}
    ]
  }
}
```

| | Check | What it catches | Severity |
|---|---|---|---|
| 1 | Hardcoded secrets | API keys, tokens, passwords, JWTs baked into env values | Critical |
| 2 | Broad filesystem access | Args exposing `/home`, `/etc`, `/var`, `~/`, root, Windows drives | Critical |
| 3 | Missing env vars | Server name suggests auth (github, postgres, stripe…) but env is empty | Warning |
| 4 | No approval gate | Missing `requireApproval` or `humanInLoop` field | Warning |

Each server gets a risk score 1–10. Green ≤3, yellow 4–6, red 7+.

```bash
$ agentlint ci
agentlint: 4 servers scanned, 3 critical violations, 2 servers scored = 7. Build failed.
```

Exits 0 if clean, 1 if any server scores ≥ 7. Auto-discovers config from `claude_desktop_config.json`, `.mcp.json`, or `mcp.json` in the repo root.

`.github/workflows/agentlint.yml`

```yaml
name: agentlint
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
jobs:
  agentlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install agentlint
        run: pip install leporis-agentlint
      - name: Run agentlint CI check
        run: agentlint ci
```

AI agents are shipping with MCP servers that get filesystem access, network access, and raw API keys handed to them at launch. There is no built-in sandbox, no mandatory approval step, and no standard way to audit what a given config actually grants. The industry is racing to give agents more capabilities while the security surface grows unchecked.

agentlint is a single-file scanner that reads your MCP config and tells you what's dangerous — before your agent touches production.