Dev Tools · 1h ago
Frisk scanner checks MCP servers for malicious code before install
Developer ThandV built frisk, a static scanner that inspects MCP server code for dangerous patterns like shell piping, secret theft, and prompt injection. It runs locally with no dependencies and never sends data to external APIs. The tool also detects tool poisoning and can verify that installed servers haven't changed since approval.
Meridian48 take
Frisk addresses a real blind spot in the AI tool ecosystem, but its regex-based approach means it will miss obfuscated attacks.
Read the full reporting
I got nervous about installing MCP servers, so I built a scanner for them →
DEV Community
mcp-securitystatic-analysis