Paste MCP tool JSON. Find the risky edges.

This static inspector checks MCP tool metadata for prompt-injection bait, destructive capabilities, credential exposure, weak schemas, and missing human-confirmation language.

0 Risk points after analysis.

Input

Report

What It Looks For

Descriptions that try to override instructions or hide behavior.
Tools that can delete, deploy, send, transfer, execute, browse, or write outside a narrow boundary.
Schema gaps such as missing required fields, broad free-form strings, or absent output schemas.
Credential, token, API key, cookie, session, or private-key handling risk.
Missing confirmation language for irreversible actions.

This is a smoke test for metadata and policy review, not a formal security certification.