{"slug": "your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it", "title": "Your MCP Server Is Probably Overprivileged - Here's a Scanner For It", "summary": "The article describes a common security issue with MCP (Model Context Protocol) servers, where configurations often grant tools excessive permissions, lack authentication, and expose prompt-injection vulnerabilities. To address this, the author introduces a static and dynamic scanner called `@hailbytes/mcp-security-scanner` that detects these overprivileged patterns in MCP configs and live endpoints. The tool supports SARIF output for integration with GitHub Code Scanning, allowing findings to appear as alerts on pull requests.", "body_md": "**MCP servers expose tools to LLMs, but most configs grant tools broader permissions than they need, ship without auth, and leak prompt-injection surface in tool descriptions. This scanner finds it before your model does.**\n\nMost MCP servers I've audited in the last few months had the same three issues:\n\n- A\n`shell`\n\nor`fs`\n\ntool was scoped to the entire filesystem when the use case needed exactly one directory. - The transport ran without auth because the local-dev SSE config got promoted to prod.\n- Tool descriptions echoed verbatim into prompts with no sanitization — a perfect injection surface.\n\n[ @hailbytes/mcp-security-scanner](https://www.npmjs.com/package/@hailbytes/mcp-security-scanner) is what I wish I'd had on day one of building MCP servers. It's a static + dynamic scanner for MCP configs and live endpoints that flags these patterns.\n\n## CLI\n\n```\n# Scan a local config\nnpx @hailbytes/mcp-security-scanner ./mcp-config.json\n\n# Scan a live endpoint\nnpx @hailbytes/mcp-security-scanner https://my-mcp-server.example.com\n\n# SARIF output + fail the build\nnpx @hailbytes/mcp-security-scanner ./config.json --output=sarif --exit-code\n```\n\n## Programmatic\n\n``` js\nimport { scan } from \"@hailbytes/mcp-security-scanner\";\n\nconst report = await scan({ configPath: \"./mcp-config.json\" });\n\nif (!report.passed) {\n  console.error(report.findings);\n  process.exit(1);\n}\n```\n\n## What it checks\n\n-\n**Overprivileged tools**— broader permissions than the declared function needs (filesystem scope, shell access, network egress) -\n**Missing or weak authentication**— unauthenticated transports, missing token validation, plaintext secrets in config -\n**Prompt injection surface**— tool descriptions and output paths that pass through to model context without sanitization -\n**Unsafe defaults**— insecure transport defaults, verbose error exposure, CORS wildcards\n\nThe SARIF output drops straight into GitHub Code Scanning, so findings show up as alerts on PRs — same place your SAST results live.\n\n```\nnpm install -g @hailbytes/mcp-security-scanner\n```\n\nSource: [github.com/hailbytes/mcp-security-scanner](https://github.com/hailbytes/mcp-security-scanner) — MIT licensed. Pairs nicely with [ @hailbytes/mcp-server-template](https://github.com/hailbytes/mcp-server-template) if you want a scaffold that comes up secure by default.", "url": "https://wpnews.pro/news/your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it", "canonical_source": "https://dev.to/david_dev_sec/your-mcp-server-is-probably-overprivileged-heres-a-scanner-for-it-3cmb", "published_at": "2026-05-22 20:51:00+00:00", "updated_at": "2026-05-22 21:01:28.856799+00:00", "lang": "en", "topics": ["cybersecurity", "developer-tools", "large-language-models", "open-source", "artificial-intelligence"], "entities": ["@hailbytes/mcp-security-scanner", "@hailbytes/mcp-server-template", "GitHub Code Scanning", "MCP"], "alternates": {"html": "https://wpnews.pro/news/your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it", "markdown": "https://wpnews.pro/news/your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it.md", "text": "https://wpnews.pro/news/your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it.txt", "jsonld": "https://wpnews.pro/news/your-mcp-server-is-probably-overprivileged-here-s-a-scanner-for-it.jsonld"}}