Quick Start Guide

Get started with MCP Security Score in just a few minutes. This guide walks you through scanning your first MCP server repository.

Prerequisites

Before you begin, you'll need:

  • An MCP Security Score account (sign up here)
  • A GitHub repository URL containing an MCP server, OR
  • A ZIP file of your MCP server code

Step 1: Sign In to Your Dashboard

  1. Go to mcpscanner.com
  2. Click Sign In in the top right
  3. Enter your email and password
  4. You'll be redirected to your dashboard

Step 2: Start a New Scan

From your dashboard:

  1. Click New Scan in the sidebar (or use the scan form on the overview page)
  2. You'll see two options:
    • GitHub URL - Enter a public repository URL
    • Upload ZIP - Upload a ZIP file of your code

Option A: Scan a GitHub Repository

Enter a GitHub URL in any of these formats:

  • https://github.com/owner/repo
  • github.com/owner/repo
  • owner/repo

For example:

https://github.com/modelcontextprotocol/servers
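The three formats above all name the same repository. The helper below is an added example, not part of MCP Security Score's own code: it normalizes any of the accepted forms to owner/repo and rejects everything else (other hosts, SSH remotes, extra path segments such as /tree/main), which is the kind of check an intake form should make before it fetches anything. The character rules for owner and repo names, the .git suffix handling, and the function names are this example's assumptions.

```python
import re
from typing import Optional

# Added example; not part of MCP Security Score. The owner/repo character rules
# below (owner: alphanumerics and hyphens, up to 39 chars; repo: alphanumerics,
# dot, underscore, hyphen) are this example's assumptions.
_OWNER = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,38})"
_REPO = r"[A-Za-z0-9._-]{1,100}"
# Either a bare "owner/repo" or the same preceded by github.com (with or without
# a scheme). A scheme is only accepted together with the github.com host, so
# "https://other-host/owner/repo" never parses as owner="other-host".
_REF = re.compile(
    rf"^(?:(?:https?://)?(?:www\.)?github\.com/)?({_OWNER})/({_REPO})/?$"
)


def normalize_github_ref(value: str) -> Optional[str]:
    """Return 'owner/repo' for an accepted reference, or None if it is rejected."""
    m = _REF.match(value.strip())
    if not m:
        return None
    owner, repo = m.group(1), m.group(2)
    if repo.endswith(".git"):      # clone-style URLs carry a .git suffix
        repo = repo[:-4]
    if repo in ("", ".", ".."):    # nothing left, or a path-traversal token
        return None
    return f"{owner}/{repo}"


def clone_url(value: str) -> Optional[str]:
    """Canonical HTTPS clone URL for an accepted reference, else None."""
    ref = normalize_github_ref(value)
    return None if ref is None else f"https://github.com/{ref}.git"


if __name__ == "__main__":
    for sample in ("https://github.com/modelcontextprotocol/servers",
                   "github.com/modelcontextprotocol/servers",
                   "modelcontextprotocol/servers",
                   "https://gitlab.com/owner/repo",
                   "https://github.com/owner/repo/tree/main"):
        print(f"{sample!r:60} -> {clone_url(sample)}")
```

Accepting only the github.com host (rather than any URL a user types) keeps a scanner from being pointed at internal or arbitrary hosts; rejecting "." and ".." as repository names keeps the normalized value safe to embed in a path.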

Option B: Upload a ZIP File

  1. Click the Upload ZIP tab
  2. Drag and drop your ZIP file, or click to browse
  3. Maximum file size: 4.5MB
  4. The ZIP will be extracted and scanned

Step 3: Wait for Analysis

Once you submit, MCP Security Score will:

  1. Clone/Extract - Fetch your code (a few seconds)
  2. Analyze - Run 43 security checks (5-30 seconds)
  3. AI Analysis - Deep behavioral analysis (10-20 seconds)
  4. Score - Calculate your security score

You'll see real-time progress updates as the scan runs.

Step 4: Review Your Results

When the scan completes, you'll see:

Security Score

A score from 0-100 with a letter grade:

  • A (90-100): Excellent security posture
  • B (80-89): Good, minor improvements possible
  • C (70-79): Fair, some issues to address
  • D (60-69): Poor, significant issues found
  • F (0-59): Critical vulnerabilities present

Category Breakdown

Scores across 8 security categories:

  • RCE (Remote Code Execution)
  • Filesystem Security
  • Network Security
  • Secrets & Credentials
  • Supply Chain
  • MCP-Specific Risks
  • Data Handling
  • Authentication

Findings List

Each finding includes:

  • Severity - Critical, High, Medium, Low, or Info
  • Location - File and line number
  • Description - What was detected
  • Code snippet - The problematic code
  • Remediation - How to fix it

Step 5: Export Your Report (Optional)

You can download a PDF report of your scan results:

  1. Click the Download PDF button on the results page
  2. The report includes all findings, scores, and remediation guidance
  3. Share it with your team or include in security documentation

Next Steps

Now that you've completed your first scan, try the example below, and see Troubleshooting if a scan fails.

Example: Scanning the Official MCP Servers

Try scanning the official Model Context Protocol servers repository:

https://github.com/modelcontextprotocol/servers

This repository contains reference implementations and is a great way to see MCP Security Score in action with real-world code.

Troubleshooting

"Repository not found"

  • Make sure the repository is public
  • Check the URL is correct
  • Private repositories require a Pro subscription

"Scan timed out"

  • Large repositories may take longer
  • Try scanning a specific subdirectory
  • Consider uploading a ZIP of just the MCP server code

"Invalid ZIP file"

  • Maximum size is 4.5MB
  • Make sure the ZIP isn't corrupted
  • Don't include node_modules or .git directories
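Putting the ZIP constraints from Option B and this section together: the script below, an added example rather than part of MCP Security Score, builds an upload from a checkout while leaving out node_modules and .git, then checks that the result is a readable archive under the size limit before you upload it. The extra excluded directories (dist, build, __pycache__, .venv), the helper names, and the reading of 4.5MB as 4,500,000 bytes are this example's assumptions.

```python
import os
import sys
import zipfile
from pathlib import Path
from typing import Dict, Iterable, List

# Added example; not part of MCP Security Score. The guide states a 4.5MB cap.
# Whether that is 4,500,000 or 4,718,592 bytes is an assumption; the smaller
# figure is used so an archive that passes here is under either reading.
MAX_ZIP_BYTES = 4_500_000

# node_modules and .git come from the troubleshooting section; the rest are
# common build/virtualenv output and are this example's own additions.
EXCLUDED_DIRS = {"node_modules", ".git", "dist", "build", "__pycache__", ".venv"}


def collect_files(root: Path, excluded: Iterable[str] = EXCLUDED_DIRS) -> List[Path]:
    """Return every file under root that is not inside an excluded directory."""
    excluded = set(excluded)
    files: List[Path] = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into excluded trees.
        dirnames[:] = sorted(d for d in dirnames if d not in excluded)
        for name in sorted(filenames):
            files.append(Path(dirpath) / name)
    return files


def check_scan_zip(path: Path) -> Dict[str, object]:
    """Check an archive against the upload constraints; ok is True only if all pass."""
    path = Path(path)
    size = path.stat().st_size
    problems: List[str] = []
    if not zipfile.is_zipfile(path):
        return {"ok": False, "size": size, "names": [], "problems": ["not a ZIP archive"]}
    with zipfile.ZipFile(path) as zf:
        bad_entry = zf.testzip()  # name of the first corrupt member, or None
        names = zf.namelist()
    if bad_entry is not None:
        problems.append(f"corrupt entry: {bad_entry}")
    if size > MAX_ZIP_BYTES:
        problems.append(f"{size} bytes exceeds the {MAX_ZIP_BYTES} byte limit")
    for name in names:
        # Only directory components count; a file simply named "build" is fine.
        if any(part in EXCLUDED_DIRS for part in Path(name).parts[:-1]):
            problems.append(f"excluded directory present: {name}")
            break
    return {"ok": not problems, "size": size, "names": names, "problems": problems}


def build_scan_zip(root: Path, out_path: Path) -> Dict[str, object]:
    """Zip root (minus excluded directories) to out_path and validate the result."""
    root, out_path = Path(root), Path(out_path)
    files = collect_files(root)
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for f in files:
            if f.resolve() == out_path.resolve():
                continue  # don't archive a previous archive left inside root
            zf.write(f, arcname=f.relative_to(root).as_posix())
    return check_scan_zip(out_path)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: make_scan_zip.py <server-dir> <out.zip>")
    result = build_scan_zip(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"{sys.argv[2]}: {len(result['names'])} entries, {result['size']} bytes")
    for problem in result["problems"]:
        print(f"  problem: {problem}")
    sys.exit(0 if result["ok"] else 1)
```

Run it as python make_scan_zip.py path/to/server server.zip; a non-zero exit and a printed problem line correspond to one of the troubleshooting items above (oversized, corrupt, or containing node_modules or .git). One caveat: uploading sends your source to the service. The Secrets & Credentials category will flag committed secrets, but any real credentials in the tree should be revoked or removed before you upload it rather than relied on to be caught.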

For more help, see Troubleshooting.