Skip to main content

Usage

langsight security-scan [OPTIONS]

Options

OptionDefaultDescription
--configauto-discoveredPath to .langsight.yaml
--jsonfalseOutput as JSON
--cifalseExit code 1 on CRITICAL or HIGH findings

What it checks

CVE Scanning

Reads pyproject.toml or package.json from each server’s directory and queries the OSV API for known vulnerabilities. No API key required.

OWASP MCP Top 10

CheckCategorySeverity
No authentication configuredOWASP-MCP-01CRITICAL (SSE) / MEDIUM (stdio)
Destructive tools without authOWASP-MCP-02HIGH
Unexpected schema changeOWASP-MCP-04HIGH
Tools with no input schemaOWASP-MCP-05MEDIUM
HTTP transport (no TLS)OWASP-MCP-06HIGH

Tool Poisoning Detection

Scans tool names and descriptions for:
  • Prompt injection phrases (ignore previous instructions)
  • Data exfiltration patterns (send all data to)
  • External URLs in descriptions
  • Hidden unicode characters
  • Base64-encoded injection payloads

Example output

Security Scan Results  (2 servers, 4 findings)
──────────────────────────────────────────────────────────────────
Severity   Server       Category       Finding
CRITICAL   jira-mcp     CVE            CVE-2025-6514 in mcp-remote
HIGH       slack-mcp    OWASP-MCP-01   No authentication configured
HIGH       slack-mcp    OWASP-MCP-02   Tool 'delete_message' without auth
MEDIUM     postgres-mcp OWASP-MCP-05   Tool 'query' has no input schema

0/2 servers clean — 1 critical, 2 high

CI/CD integration

# Fail the build on CRITICAL or HIGH findings
langsight security-scan --ci

# In GitHub Actions
- name: MCP Security Scan
  run: langsight security-scan --ci --json > security-report.json

JSON output

[
  {
    "server_name": "jira-mcp",
    "findings_count": 2,
    "critical_count": 1,
    "highest_severity": "critical",
    "findings": [
      {
        "severity": "critical",
        "category": "CVE",
        "title": "CVE in dependency 'mcp-remote': CVE-2025-6514",
        "remediation": "Update 'mcp-remote' to a patched version."
      }
    ]
  }
]