MCP security · v0.1

Least-privilege scanner for MCP agents.

Stricture inspects your MCP server configs, maps agent-to-tool access, flags over-permissioned connections, and exports a signed audit report.

Parse configs

Drop in your mcp.json. Stricture extracts servers, commands, tools, transports, env vars, and credential hints.

Score risk

A deterministic risk engine flags shell execution, broad DB access, secrets in config, unknown remotes, and more.
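A sketch of how three of these checks can run as a pure function over the parsed mcp.json. This is an added example, not Stricture's own code: the rule names, severities, shell list, trustedHosts parameter and the treatment of ${NAME} values as environment references are assumptions, and the sample config is constructed.

```javascript
// Added illustration; rules and names below are assumptions, not Stricture's engine.
const SHELLS = new Set(["sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"]);
const SECRET_KEY = /(secret|token|password|passwd|api[_-]?key|private[_-]?key)/i;
const ENV_REFERENCE = /^\$\{[^}]+\}$/; // ${GITHUB_TOKEN} is a reference, not a literal

function basename(cmd) {
  return String(cmd).split(/[\\/]/).pop().toLowerCase();
}

// Pure function: same config in, same findings out. No I/O, clock or randomness.
function scanConfig(config, trustedHosts = []) {
  const findings = [];
  const servers = (config && config.mcpServers) || {};
  for (const name of Object.keys(servers).sort()) { // sorted keys give stable output
    const s = servers[name] || {};
    if (s.command && SHELLS.has(basename(s.command))) {
      findings.push({ server: name, rule: "shell-exec", severity: "high" });
    }
    for (const key of Object.keys(s.env || {}).sort()) {
      const value = String(s.env[key]);
      if (SECRET_KEY.test(key) && value !== "" && !ENV_REFERENCE.test(value)) {
        // Report the variable name only; never copy the secret into the report.
        findings.push({ server: name, rule: "secret-in-config", severity: "high", key });
      }
    }
    if (s.url) {
      let host = null;
      try { host = new URL(s.url).hostname; } catch { /* unparseable URL stays null */ }
      if (host === null || !trustedHosts.includes(host)) {
        findings.push({ server: name, rule: "unknown-remote", severity: "medium" });
      }
    }
  }
  return findings;
}

// Constructed sample config; server names, hosts and values are made up.
const SAMPLE = {
  mcpServers: {
    files: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/srv/docs"] },
    runner: { command: "/bin/bash", args: ["-c", "./start.sh"], env: { API_TOKEN: "constructed-value" } },
    gh: { command: "gh-mcp", env: { GITHUB_TOKEN: "${GITHUB_TOKEN}" } },
    remote: { url: "https://mcp.example.net/sse" },
  },
};

console.log(JSON.stringify(scanConfig(SAMPLE), null, 2));
```

Passing an allowlist such as ["mcp.example.net"] as the second argument clears the unknown-remote finding for that server.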

Map access

See exactly which agents can reach which tools. Spot stale references and over-scoped agents.

CLI-first, dashboard-friendly

The scanner core is a pure function over your config JSON. The same engine the dashboard runs is meant to ship next as npx stricture.

Export audit report