Rogue MCP by Wallarm - Advanced MCP Security Scanner for detecting and remediating MCP server vulnerabilities
Advanced MCP Security Scanner - Detect and remediate MCP server vulnerabilities aligned with OWASP Agentic AI Top 10.
```bash
npm install -g rogue-mcp
```
```bash
# Discover all MCP servers on this machine
rogue-mcp scan
```
Features
- Discovery: Finds MCP servers across Claude Desktop, Cursor, VS Code, Windsurf
- Security Audit: 24 MCP-specific security checks (MCP001-MCP024)
- OWASP Mapping: Findings mapped to OWASP Agentic AI Top 10 (ASI01-ASI10)
- Blast Radius: Analyzes what data could be exposed if compromised
- Safe Configs: Generates pinned, least-privilege configurations
- MCP Server: Can run as an MCP server itself for AI-assisted scanning
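As an added illustration of the pinning that the Safe Configs feature refers to (this is not rogue-mcp's code or its check logic), the following Node.js script flags `mcpServers` entries launched through `npx` without an exact package version. The function names, the rules and the sample package names are assumptions made for this example.

```javascript
// Added example, not rogue-mcp's implementation: the rules below are assumptions.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Split an npm-style spec ("name", "name@1.2.3", "@scope/name@1.2.3").
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null }; // no "@", or only the scope "@"
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Return one finding per server whose npx package spec is not an exact version.
function findUnpinned(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config.mcpServers || {})) {
    // Only npx is handled here; a locally installed binary fetches nothing at start.
    const launcher = String(entry.command).split(/[\\/]/).pop();
    if (launcher !== "npx" && launcher !== "npx.cmd") continue;
    // The first non-flag argument is taken as the package spec (e.g. after "-y").
    const spec = (entry.args || []).find((a) => !a.startsWith("-"));
    if (!spec) continue;
    const { version } = splitSpec(spec);
    if (version === null) {
      findings.push({ server, spec, reason: "no version: resolves to the latest release on every start" });
    } else if (!EXACT_VERSION.test(version)) {
      findings.push({ server, spec, reason: `"${version}" is a tag or range, not an exact version` });
    }
  }
  return findings;
}

// Constructed sample config; the package names are placeholders, not real packages.
const sampleConfig = {
  mcpServers: {
    "rogue-mcp": { command: "rogue-mcp", args: [] },
    files: { command: "npx", args: ["-y", "@example/files-mcp", "/home/user/docs"] },
    notes: { command: "npx", args: ["-y", "example-notes-mcp@latest"] },
    search: { command: "npx", args: ["-y", "@example/search-mcp@2.4.1"] },
  },
};

for (const f of findUnpinned(sampleConfig)) {
  console.log(`${f.server}: ${f.spec} -> ${f.reason}`);
}
```

An exact version fixes which release is fetched at start; it does not verify the contents of that release.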
Usage as MCP Server
Add to your MCP client configuration:
```json
{
  "mcpServers": {
    "rogue-mcp": {
      "command": "rogue-mcp",
      "args": []
    }
  }
}
```
CLI Commands
```bash
rogue-mcp scan          # Discover MCP servers
rogue-mcp audit         # Security audit (SAST)
rogue-mcp deep-probe    # Dynamic analysis (DAST)
rogue-mcp fix           # Generate safe configs
rogue-mcp export        # Export results
rogue-mcp rogue         # Blast radius reconnaissance
rogue-mcp owasp         # OWASP ASI info
rogue-mcp trusted list  # Manage trusted servers
rogue-mcp history       # View scan history
```
- Linux x64
- macOS x64 (Intel)
- macOS arm64 (Apple Silicon)
- Windows x64
Copyright (c) 2025 Wallarm, Inc. All rights reserved.
Ivan Novikov - ivan@wallarm.com