cd /news/cybersecurity/your-mcp-server-is-probably-overpriv… · home topics cybersecurity article
[ARTICLE · art-9996] src=dev.to ↗ pub= topic=cybersecurity verified=true sentiment=↑ positive

Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

The article describes a common security issue with MCP (Model Context Protocol) servers, where configurations often grant tools excessive permissions, lack authentication, and expose prompt-injection vulnerabilities. To address this, the author introduces a static and dynamic scanner called `@hailbytes/mcp-security-scanner` that detects these overprivileged patterns in MCP configs and live endpoints. The tool supports SARIF output for integration with GitHub Code Scanning, allowing findings to appear as alerts on pull requests.

read1 min views17 publishedMay 22, 2026

MCP servers expose tools to LLMs, but most configs grant tools broader permissions than they need, ship without auth, and leak prompt-injection surface in tool descriptions. This scanner finds it before your model does.

Most MCP servers I've audited in the last few months had the same three issues:

  • A shell

orfs

tool was scoped to the entire filesystem when the use case needed exactly one directory. - The transport ran without auth because the local-dev SSE config got promoted to prod.

  • Tool descriptions echoed verbatim into prompts with no sanitization — a perfect injection surface.

@hailbytes/mcp-security-scanner is what I wish I'd had on day one of building MCP servers. It's a static + dynamic scanner for MCP configs and live endpoints that flags these patterns.

CLI #

npx @hailbytes/mcp-security-scanner ./mcp-config.json

npx @hailbytes/mcp-security-scanner https://my-mcp-server.example.com

npx @hailbytes/mcp-security-scanner ./config.json --output=sarif --exit-code

Programmatic #

import { scan } from "@hailbytes/mcp-security-scanner";

const report = await scan({ configPath: "./mcp-config.json" });

if (!report.passed) {
  console.error(report.findings);
  process.exit(1);
}

What it checks #

Overprivileged tools— broader permissions than the declared function needs (filesystem scope, shell access, network egress) - Missing or weak authentication— unauthenticated transports, missing token validation, plaintext secrets in config - Prompt injection surface— tool descriptions and output paths that pass through to model context without sanitization - Unsafe defaults— insecure transport defaults, verbose error exposure, CORS wildcards

The SARIF output drops straight into GitHub Code Scanning, so findings show up as alerts on PRs — same place your SAST results live.

npm install -g @hailbytes/mcp-security-scanner

Source: github.com/hailbytes/mcp-security-scanner — MIT licensed. Pairs nicely with @hailbytes/mcp-server-template if you want a scaffold that comes up secure by default.

── more in #cybersecurity 4 stories · sorted by recency
── more on @@hailbytes/mcp-security-scanner 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/your-mcp-server-is-p…] indexed:0 read:1min 2026-05-22 ·