Self-Service Scanning

TrustTrace Scan lets you test your AI agents and MCP servers for security vulnerabilities on demand. Two scan modes cover different parts of your attack surface.

MCP Server Scanning

What It Tests

When you provide an MCP server URL, TrustTrace performs a live assessment:

Tool Enumeration — Connects to your MCP server and catalogs every tool, resource, and prompt it exposes. This is your MCP server's attack surface inventory.

Tool Poisoning Detection — Analyzes each tool's description for hidden instructions. Poisoned tool descriptions can hijack your AI agent's behavior — instructing it to exfiltrate data, bypass safety controls, or execute unintended actions. TrustTrace detects embedded instructions, encoded content (base64, zero-width characters), and suspiciously complex descriptions.

Authentication Check — Verifies whether your MCP server requires authentication. Unauthenticated MCP servers exposed on a network allow anyone to invoke tools directly. This is a Critical finding.

Transport Security — Checks whether the connection uses TLS. MCP traffic over HTTP transmits tool calls and responses — potentially including sensitive data — in plaintext.

Scope Analysis — Evaluates whether the server exposes more tools than necessary. An MCP server with write and delete permissions on a scheduling agent raises the question: why does a scheduling agent need to delete records?

Rug Pull Detection (Pro+) — If you've scanned this server before, TrustTrace compares the current tool definitions against your saved baseline. Any changes — new tools, modified descriptions, expanded parameters — are flagged. This catches MCP servers that change behavior after initial approval.

How to Scan

  1. Navigate to trusttrace.io/scan
  2. Select the MCP Server tab
  3. Enter your server URL (e.g., https://your-mcp.example.com/sse)
  4. If your server requires authentication, toggle Add authentication and enter your token
  5. Click Scan

Results typically complete in 30–90 seconds depending on the number of tools exposed.

What You'll Need

  • The MCP server must be reachable from the internet (TrustTrace connects to it from our scanning infrastructure)
  • For local MCP servers (stdio transport), use the Upload Files mode instead — export your tool definitions to JSON and upload them

Configuration Upload Scanning

What It Tests

Upload any combination of files from your AI agent project. TrustTrace automatically routes each file to the appropriate scanner:

Tool Schemas (.json) — Analyzes tool definitions for excessive permissions, dangerous patterns (SQL execution, code execution, email tools), missing parameter constraints, and hidden instructions in descriptions. Supports OpenAI function calling format, LangChain tool definitions, and raw JSON.

Dependency Files — Parses lockfiles and manifests to check for known vulnerabilities (CVEs), unpinned versions, typosquatting candidates, and abandoned packages.

Supported formats:

  • Python: requirements.txt, pyproject.toml, poetry.lock, Pipfile.lock
  • JavaScript/TypeScript: package.json, package-lock.json, yarn.lock

System Prompts (.txt, .yaml, .yml) — Generates an adversarial payload catalog: specific prompt injection attacks tailored to your agent's configuration. Your security team can use these payloads for internal testing even without giving TrustTrace live access to your agents.

Agent Code (.py, .js, .ts) — Scans source code for:

  • Hardcoded API keys and credentials
  • Prompt injection sinks (user input concatenated into prompts)
  • Unsafe code execution (exec(), eval() on LLM output)
  • SQL injection vectors
  • Overly permissive configurations (CORS wildcards, debug mode)
  • MCP-specific patterns (command injection in handlers, missing auth middleware)

How to Upload

  1. Navigate to trusttrace.io/scan
  2. Select the Upload Files tab
  3. Drag and drop files into the upload area (or click to browse)
  4. Review the accepted files list
  5. Click Scan

Maximum upload size: 10MB total. Results typically complete in 60–120 seconds.

Tips for Better Results

  • Upload everything relevant. A tool schema alone gives you permission analysis. Add the code that implements those tools and you get injection sink detection. Add the dependency file and you get CVE coverage. More context means more comprehensive results.
  • Include your lockfile, not just the manifest. package-lock.json has resolved versions; package.json may have ranges that are harder to check against CVE databases.
  • Upload the actual system prompt. The more specific the prompt, the more targeted the adversarial payload catalog.

Scan Limits and Fair Use

Each plan includes a monthly scan allowance:

PlanScans per Month
Free3
Developer15
Pro50
Team200
Enterprise500

Each submission (one MCP URL or one set of uploaded files) counts as one scan. Rescanning the same URL or re-uploading the same files counts as a new scan.

Scan limits reset on the first of each calendar month. Your current usage is displayed at the top of the scan page and on your account page.

Data Handling

Your files are not stored. Uploaded files are processed in an isolated temporary directory, scanned, and deleted immediately upon scan completion — regardless of whether the scan succeeds or fails.

MCP server connections are ephemeral. TrustTrace connects to enumerate tools and disconnects. We do not maintain persistent connections, cache your tool definitions (except for baseline comparisons on Pro+), or store your authentication tokens.

Scan results are stored. Your findings, scores, and scan metadata are stored in your account for scan history and baseline comparison purposes. You can view and manage your scan history from your account page.

For complete details on how TrustTrace handles data, see our Privacy Policy.