Loomal

ToolTrust Scanner

MCP server by github.com/agentsafe-ai/tooltrust-scanner

Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.

16 starsnpm: tooltrust-mcp

About ToolTrust Scanner

ToolTrust Scanner is an MCP (Model Context Protocol) server published by agentsafe-ai in the official MCP registry, listed under Security on Loomal. Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.

It ships as an npm package (tooltrust-mcp), so any MCP client that can launch a local process can run it.

Development happens in the open at github.com/agentsafe-ai/tooltrust-scanner, where the project has earned 16 GitHub stars.

Use ToolTrust Scanner with your agent

Claude Code · one command
claude mcp add tooltrust-scanner -- npx -y tooltrust-mcp
Claude Desktop, Cursor & other MCP clients · config
{
  "mcpServers": {
    "tooltrust-scanner": {
      "command": "npx",
      "args": [
        "-y",
        "tooltrust-mcp"
      ]
    }
  }
}
npmtooltrust-mcp

Frequently asked questions

What is ToolTrust Scanner?
ToolTrust Scanner is an MCP (Model Context Protocol) server by agentsafe-ai in the Security category. Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.
How do I connect ToolTrust Scanner to Claude, Cursor, or another MCP client?
Install ToolTrust Scanner from its npm package (tooltrust-mcp) and register it under "mcpServers" in your client's MCP configuration — for example claude_desktop_config.json or Cursor's mcp.json — then restart the client.
Is ToolTrust Scanner open source?
Yes — the source code is public at github.com/agentsafe-ai/tooltrust-scanner, with 16 GitHub stars.
Can AI agents pay to use ToolTrust Scanner?
Not yet through Loomal — ToolTrust Scanner is listed as a free directory entry. If its maintainer verifies ownership, they can set per-call USDC pricing that agents pay over x402, with settlement on Base.

More Security MCP servers

idea-reality-mcp

719

Pre-build reality check. Scans GitHub, HN, npm, PyPI, Product Hunt — returns 0-100 signal.

skylos

453

Dead code, security, secrets detection and code quality for Python, TypeScript, Go.

MCPProxy

253

Local-first MCP proxy with BM25 tool discovery, security scanning, quarantine & ~99% token savings

mcp-afip

252

AFIP — Argentine tax authority, electronic invoicing (Factura Electrónica)

mcp-ap2

252

MCP server for AP2 — Google's Agent-to-Agent Payment Protocol (authorization, audit, trust)

OpenClaw MCP Server

172

MCP server bridging Claude.ai/Desktop with self-hosted OpenClaw via OAuth 2.1.

Browse the full MCP server directory

Listing data from the official MCP registry and GitHub, refreshed periodically. Not affiliated with the maintainer unless claimed. Maintain ToolTrust Scanner? Claim this listing free by verifying GitHub ownership, or contact us.