ToolTrust

AI Agent Tool Security Directory

Security analysis for MCP servers, skills, and AI agent tools. Every tool is scanned for prompt injection, permission risks, and scope mismatches.

157 Tools Scanned
65 Safe (S/A/B)
82 Medium Risk (C)
10 Risky (D/F)

Let your AI agent scan its own tools

Add ToolTrust as an MCP server and your agent can audit every tool it has access to before it trusts any of them. Works with Claude Code, Cursor, and Claude Desktop.

Add to your .mcp.json

{
  "mcpServers": {
    "tooltrust": {
      "command": "npx",
      "args": ["-y", "tooltrust-mcp"]
    }
  }
}

Then ask your agent to run tooltrust_scan_config to scan all configured MCP servers in one shot, or tooltrust_scan_server to scan a specific server.

Tools exposed by the ToolTrust MCP server:

tooltrust_scan_config
tooltrust_scan_server
tooltrust_scanner_scan
tooltrust_lookup
tooltrust_list_rules

Scan from the command line

ToolTrust Scanner is a free CLI that audits MCP servers for prompt injection, permission risks, and supply-chain vulnerabilities.

1 · Install

The installer is fetched over HTTPS from the AgentSafe-AI/tooltrust-scanner repository on GitHub. Because this one-liner pipes the script straight into bash, download it first and read it before running it, as you would for any third-party installer.

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash

2 · Scan any MCP server

$ tooltrust-scanner scan --server "npx -y @modelcontextprotocol/server-filesystem /tmp"

The --server argument is the server's launch command as you would type it in a shell, i.e. the same command and args you would put in .mcp.json.

Full docs & GitHub Actions integration →
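The two sections above give you the pieces: an .mcp.json that lists servers as command plus args, and a CLI that scans one server per `--server "<launch command>"` call. As an added example (not code from the ToolTrust project), the Python script below reads a config in that shape, builds one tooltrust-scanner invocation per configured server, and flags any server that npx would launch from an npm package with no version pin, which is the kind of supply-chain exposure the scanner is described as checking for. The sample config, the "@1.2.3" pin on the filesystem server and the unpinned-package heuristic are constructed for this example; the only scanner syntax it relies on is the `scan --server` form shown on this page.

```python
"""Plan tooltrust-scanner runs for every server in an .mcp.json file.

Added example for this page, not code from the ToolTrust project. The only
scanner invocation it relies on is `tooltrust-scanner scan --server "<cmd>"`.
"""
import json
import shlex
import subprocess

# Constructed sample config in the same shape as the .mcp.json above. The
# "@1.2.3" version pin on the second server is an illustrative value.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "tooltrust": {"command": "npx", "args": ["-y", "tooltrust-mcp"]},
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem@1.2.3", "/tmp"]
    }
  }
}
"""


def load_servers(text):
    """Return {server_name: argv} for every entry under "mcpServers".

    Rejects malformed entries instead of guessing, so a config that was
    tampered with cannot smuggle in a non-string command or argument.
    """
    servers = json.loads(text).get("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be an object')
    result = {}
    for name, spec in servers.items():
        command = spec.get("command")
        args = spec.get("args", [])
        if not isinstance(command, str) or not all(isinstance(a, str) for a in args):
            raise ValueError(f"server {name!r}: command and args must be strings")
        result[name] = [command, *args]
    return result


def unpinned_npx_package(argv):
    """If argv launches an npm package via npx without an explicit version
    (e.g. "pkg" rather than "pkg@1.2.3"), return the package spec, else None.

    Heuristic for this example: the first non-flag token after "npx" is the
    package spec; scoped packages ("@scope/name") carry a leading "@" that is
    not a version separator.
    """
    if not argv or argv[0] != "npx":
        return None
    for token in argv[1:]:
        if token.startswith("-"):      # skip flags such as -y
            continue
        name_part = token[1:] if token.startswith("@") else token
        return None if "@" in name_part else token
    return None


def scan_command(argv):
    """Build the CLI call from the page: scan --server "<launch command>"."""
    return ["tooltrust-scanner", "scan", "--server", shlex.join(argv)]


def plan_scans(text):
    """Map each configured server name to its tooltrust-scanner argv."""
    return {name: scan_command(argv) for name, argv in load_servers(text).items()}


def unpinned_servers(text):
    """Names of servers that npx would resolve to whatever version is latest."""
    return [name for name, argv in load_servers(text).items()
            if unpinned_npx_package(argv) is not None]


def run_scans(text, dry_run=True):
    """Print each planned scan; with dry_run=False, execute it."""
    for name, cmd in plan_scans(text).items():
        print(f"[{name}] {shlex.join(cmd)}")
        if not dry_run:
            subprocess.run(cmd, check=False)


if __name__ == "__main__":
    for name in unpinned_servers(SAMPLE_MCP_JSON):
        print(f"warning: {name} is launched from an unpinned npm package")
    run_scans(SAMPLE_MCP_JSON)   # dry run: shows the commands without executing
```

Run it against a real file with `run_scans(open(".mcp.json").read(), dry_run=False)` once the scanner is installed. The launch command is re-joined with shlex so that paths containing spaces survive the round trip into the single --server string, and the pin check runs before any scan so an unpinned package is reported even if the scanner itself fails to start.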