Dashboard Guide

A complete guide to using the MCP Security Score dashboard.


Overview

The dashboard is your central hub for managing security scans. Here you can:

  • Start new scans
  • View scan history
  • Analyze detailed results
  • Manage API keys
  • Configure account settings

Starting a Scan

From the Homepage

  1. Navigate to mcpscanner.com
  2. Enter a GitHub repository URL in the scan input
  3. Click Scan or press Enter
  4. Wait for the analysis to complete

From the Dashboard

  1. Click New Scan in the top navigation
  2. Enter the repository URL
  3. Optionally configure scan settings
  4. Click Start Scan

Scan Input Formats

The scanner accepts various URL formats:

# Full URL
https://github.com/owner/repo
 
# Short format
github.com/owner/repo
 
# With branch (scans default branch)
https://github.com/owner/repo/tree/main
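
If you submit repository URLs from a script, it helps to reduce the three formats above to one canonical form and reject anything that only looks like a GitHub URL. The following is an added example, not the scanner's own code: the function name, the https-only rule and the owner/repository character rules are assumptions.

```python
import re
from urllib.parse import urlsplit

# Character rules for owner and repository names (assumed for this example).
_OWNER = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]{0,38}$")
_REPO = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


def normalize_repo_url(raw: str) -> str:
    """Return https://github.com/owner/repo or raise ValueError."""
    text = raw.strip()
    # The short format has no scheme; add one so urlsplit can find the host.
    if "://" not in text:
        text = "https://" + text
    parts = urlsplit(text)
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    # Userinfo and ports can disguise the real host (github.com@other.example).
    if parts.username or parts.password or parts.port:
        raise ValueError("credentials or port in URL")
    # Exact host match, so github.com.other.example is rejected.
    if (parts.hostname or "").lower() != "github.com":
        raise ValueError("host is not github.com")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        raise ValueError("expected owner/repo")
    owner, repo = segments[0], segments[1]
    if not _OWNER.match(owner) or not _REPO.match(repo) or repo in (".", ".."):
        raise ValueError("invalid owner or repository name")
    # A /tree/<branch> suffix is accepted and dropped, since the default
    # branch is what gets scanned.
    if len(segments) > 2 and segments[2] != "tree":
        raise ValueError("unsupported path after owner/repo")
    return f"https://github.com/{owner}/{repo}"
```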

Scan History

Viewing Past Scans

Navigate to Dashboard → Scan History to see all your previous scans.

Each scan shows:

  • Repository URL
  • Security score and grade
  • Safety score and grade
  • Number of findings
  • Scan date and duration
  • Status (complete, failed, pending)

Filtering Scans

Filter your scans by:

  • Status - Complete, Failed, Pending
  • Grade - A, B, C, D, F
  • Date range - Last 7 days, 30 days, etc.

Sorting

Sort scans by:

  • Date (newest/oldest)
  • Score (highest/lowest)
  • Repository name

Scan Results Page

When you view a completed scan, you'll see:

Score Overview

At the top of the results page:

  • Security Score - Overall security rating (0-100)
  • Letter Grade - Quick assessment (A-F)
  • Safety Score - Composite score including AI analysis
  • Findings Count - Total issues found by severity

Category Breakdown

Scores for each security category:

  • Remote Code Execution (RCE)
  • Secrets Detection
  • Network Security
  • Filesystem Security
  • Supply Chain
  • MCP Configuration
  • Data Handling
  • Authentication

Click any category to filter findings to that category.

Findings List

All security findings, showing:

  • Severity badge - Critical, High, Medium, Low, Info
  • Check name - What was detected
  • File and line - Exact location in code
  • Code snippet - The problematic code
  • Remediation - How to fix it

Filtering Findings

Filter findings by:

  • Severity level
  • Category
  • File path

Expanding Details

Click a finding to expand:

  • Full code context
  • Detailed explanation
  • Remediation steps
  • Safe code example

AI Analysis

The AI analysis section includes:

Behavior Summary

  • What the MCP server does
  • Capabilities detected
  • Potential risks identified
  • Trust assessment

Prompt Injection Analysis

  • Whether vulnerabilities were detected
  • Severity of any issues
  • Specific locations and recommendations

Executive Summary

  • High-level risk assessment
  • Key findings prioritized
  • Recommended actions

Settings

Access settings from the user menu or Dashboard → Settings.

Profile Settings

  • Update display name
  • Change email address
  • Update notification preferences

API Keys

Manage API keys for programmatic access:

Creating a Key

  1. Go to Settings → API Keys
  2. Click Create New Key
  3. Enter a descriptive name (e.g., "CI/CD Pipeline")
  4. Click Create
  5. Copy the key immediately - it won't be shown again

Managing Keys

  • View all active keys and their last used dates
  • Revoke keys you no longer need
  • Create new keys (up to 10 per account)

Key Security

  • Keys start with mcp_sk_
  • Never commit keys to source code
  • Use environment variables or secret managers
  • Rotate keys periodically
  • Revoke compromised keys immediately
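
The known `mcp_sk_` prefix makes committed keys easy to catch before they reach a repository. The following added example (not part of the product) shows a pre-commit style check next to loading the key from the environment. Only the prefix comes from this guide; the key body pattern, the 16-character minimum and the variable name `MCP_SCANNER_API_KEY` are assumptions.

```python
import os
import re

# Only the "mcp_sk_" prefix comes from the guide; the body alphabet and the
# 16-character minimum are assumptions made for this example.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])mcp_sk_[A-Za-z0-9_-]{16,}")
ENV_VAR = "MCP_SCANNER_API_KEY"  # hypothetical variable name


def redact(key: str) -> str:
    """Keep the prefix and last four characters so the key can be found and revoked."""
    return "mcp_sk_" + "*" * 8 + key[-4:]


def find_committed_keys(files: dict[str, str]) -> list[tuple[str, int, str]]:
    """Return (path, line number, redacted key) for every key-shaped string."""
    hits = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in KEY_RE.finditer(line):
                hits.append((path, lineno, redact(match.group())))
    return hits


def load_api_key(environ=os.environ) -> str:
    """Read the key from the environment instead of from source code."""
    key = environ.get(ENV_VAR, "")
    if not KEY_RE.fullmatch(key):
        raise RuntimeError(f"{ENV_VAR} is unset or not an mcp_sk_ key")
    return key


# Constructed sample input: file contents as a pre-commit hook would see them.
SAMPLE_FILES = {
    "ci/scan.py": 'import os\nKEY = os.environ["MCP_SCANNER_API_KEY"]\n',
    "config/dev.env": "DEBUG=1\nAPI_KEY=mcp_sk_EXAMPLEexample0123456789abcd\n",
}

if __name__ == "__main__":
    for path, lineno, shown in find_committed_keys(SAMPLE_FILES):
        print(f"{path}:{lineno}: possible API key {shown}")
```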

Billing

Manage your subscription:

  • View current plan and usage
  • Upgrade or downgrade plans
  • Update payment method
  • View billing history
  • Download invoices

Notifications

Configure email notifications for:

  • Scan completions
  • Critical findings detected
  • API usage warnings
  • Account security alerts

Keyboard Shortcuts

Speed up your workflow with keyboard shortcuts:

| Shortcut | Action |
|----------|--------|
| / | Focus search |
| n | New scan |
| d | Go to dashboard |
| s | Go to settings |
| ? | Show shortcuts help |


Tips and Best Practices

Organize Your Scans

  • Scan important repositories regularly
  • Set up CI/CD integration for automatic scanning
  • Review findings promptly after each scan

Prioritize Fixes

  1. Critical - Fix immediately, potential for exploitation
  2. High - Fix soon, significant security risk
  3. Medium - Plan to fix, moderate risk
  4. Low - Fix when convenient, minor risk
  5. Info - Consider during code review

Track Progress

  • Compare scores over time to track improvement
  • Use the scan history to see trends
  • Set score thresholds in CI/CD to prevent regressions

Team Collaboration

On Team and Enterprise plans:

  • Share scan results with team members
  • Assign findings to specific developers
  • Track remediation progress
  • Generate compliance reports

Mobile Access

The dashboard is fully responsive and works on mobile devices:

  • View scan history
  • Check scan results
  • Start new scans
  • Manage basic settings

For the best experience with detailed code analysis, we recommend using a desktop browser.

