MCP Server Security Scan Report¶

Scan Date: 2025-10-21 23:50:03 UTC Analyzers Used: yara

Executive Summary¶

• Total Servers Scanned: 5
• Passed: 4 (80%)
• Failed: 1 (20%)

Aggregate Vulnerability Statistics¶

Per-Server Scan Results¶

io.mcpgateway/currenttime¶

• URL: https://mcpgateway.ddns.net/currenttime/mcp
• Status: ✅ SAFE

io.mcpgateway/fininfo¶

• URL: https://mcpgateway.ddns.net/fininfo/mcp
• Status: ✅ SAFE

Error: Scanner exit code: 1

io.mcpgateway/mcpgw¶

• URL: https://mcpgateway.ddns.net/mcpgw/mcp
• Status: ❌ UNSAFE

Detailed Findings¶

Tool: healthcheck

• Analyzer: yara_analyzer
• Severity: HIGH
• Threats: INJECTION ATTACK
• Summary: Detected 1 threat: sql injection

Taxonomy:

{
  "scanner_category": "INJECTION ATTACK",
  "aitech": "AITech-9.1",
  "aitech_name": "Model or Agentic System Manipulation",
  "aisubtech": "AISubtech-9.1.4",
  "aisubtech_name": "Injection Attacks (SQL, Command Execution, XSS)",
  "description": "Injecting malicious payloads such as SQL queries, command sequences, or scripts into MCP servers or tools that process model or user input, leading to data exposure, remote code execution, or compromise of the underlying system environment."
}

Retrieves health status information from all registered MCP servers via the registry's internal API.

Returns:
    Dict[str, Any]: Health status information for all registered servers, including:
        - status: 'healthy' or 'disabled'
        - last_checked_iso: ISO timestamp of when the server was last checked
        - num_tools: Number of tools provided by the server

Raises:
    Exception: If the API call fails or data cannot be retrieved

Error: Scanner exit code: 1

io.mcpgateway/realserverfaketools¶

• URL: https://mcpgateway.ddns.net/realserverfaketools/mcp
• Status: ✅ SAFE

io.mcpgateway/sre-gateway¶

• URL: https://mcpgateway.ddns.net/sre-gateway/mcp
• Status: ✅ SAFE

Error: Scanner exit code: 1

Report generated on 2025-10-21 23:50:03 UTC