Scan code and configs for MCP gateway readiness issues with seven-dimension scoring.
The available materials indicate an open-source local static scanner that does not require credentials and declares no remote endpoints, so overall risk appears relatively low. However, it still has normal local code-execution and code/config scanning capabilities, and the sparse documentation, low adoption, and unknown maintenance status warrant cautious use in a restricted environment.
The materials explicitly state that no keys or environment variables are required, and there is no indication that accounts, tokens, or other sensitive credentials must be supplied, resulting in low credential exposure.
The materials declare no remote endpoints, and the description only suggests local static scanning; there is no evidence that user code or results are sent to third-party services.
System checks indicate that this MCP tool has code-execution capability; given its purpose of scanning code and configuration, it likely runs local scanning logic or related processes. This is a normal capability for this class of tool, and no concrete red flag shows permissions beyond its stated purpose.
Its stated function is to scan code and configuration, so it can reasonably be expected to read local project files; the materials do not specify write locations, and there is no clear sign of overbroad access, but it should be assumed to have access to the scanned repository contents.
Positive factors include an auditable open-source repository and an MIT license; however, it comes from a third-party registry, lacks a README, has 0 stars, and has unknown maintenance status, which limits verifiability and maturity and raises dependency and maintenance concerns.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "mcp-gateway-scan" yet — see the docs or source repo.
Scan this project's code and configuration for common anti-patterns in MCP or agent gateway integration, then output red/yellow/green scores across 7 dimensions with issue locations and remediation advice.
A seven-dimension scoring report with risk levels, triggered rules, affected files, and remediation recommendations.
Run a static scan on the current branch, list any high-risk MCP gateway readiness issues, and provide a summary suitable for use in CI quality gates.
A pipeline-friendly summary including critical issues and whether release blocking is recommended.
Based on the scan results, rank issues by impact, severity, and remediation cost, and generate a remediation checklist for the engineering team.
A prioritized issue list that helps the team address the highest-risk, highest-impact defects first.
Scan MCP servers for runtime, static, config, dependency, and compliance risks.
Scan remote MCP servers for protocol, security, and TLS issues.
Scan configured MCP servers locally and generate inventory with risk scores.
Scan MCP servers for common security risks and assign A-F grades.
Scan MCP server configs for injections, secrets, and dangerous commands.
Scan codebases for secrets, SAST issues, vulnerable dependencies, and IaC risks.