MCP Security Review
Written security review for your MCP server package. Fixed price. Fixed turnaround. No install needed.
one-off review
- ✓Full package scan with source code analysis
- ✓Complete dependency chain review
- ✓Publisher provenance and posture assessment
- ✓MCP tool surface analysis
- ✓Hardening recommendations with specific fixes
- ✓ISO 27001 compliance evidence (A.8.1, A.12.6, A.15.1)
- ✓Ecosystem comparison against 250+ monitored packages
- ✓Written report delivered within 48 hours
continuous monitoring add-on
- ✓Continuous reassessment of your package and dependencies
- ✓Real-time alerts when versions change or risk worsens
- ✓Monthly written update with trend analysis
- ✓Priority incident notification
What the review covers
Package Scan
Metadata, source code analysis, install scripts, prompt injection patterns, suspicious URLs
Dependency Chain
Every direct dependency scanned and risk-assessed. Exposure mapping to known incidents.
Publisher Posture
Provenance attestations, trusted publishing, repo linkage, release hygiene
Tool Surface
MCP tool definitions extracted and reviewed for scope, permissions, and poisoning risk
Hardening Plan
Specific, actionable fixes. Not generic advice. Steps you can implement this week.
Compliance Evidence
ISO 27001 controls mapping. Hand this to your auditor or security team.
Common questions
Do I need to install anything?
No. We scan your published npm package out of band. No repo access, no CI integration, no permissions needed.
What if my package is clean?
You get a clean report with your score, ecosystem ranking, and compliance evidence. That has value for auditors and customers.
Can I see an example?
Scan any package for free at agentscores.xyz. The paid review adds interpretation, hardening recommendations, and compliance evidence on top of the scan data.
How do I pay?
Request a review via the contact form. We will send an invoice. Payment by bank transfer or card.