What is MCP Risk Analyzer?
MCP Risk Analyzer scores an MCP server manifest for security risk before an agent installs it. It returns a structured findings array instead of a single opaque number: each entry identifies the exact tool, one of six risk factors, severity…
What is MCP Risk Analyzer?
Answer
MCP Risk Analyzer scores an MCP server manifest for security risk before an agent installs it. It returns a structured findings array instead of a single opaque number: each entry identifies the exact tool, one of six risk factors, severity, a human-readable explanation of the exposure, and a concrete remediation step. The same rules run in the hosted x402 endpoint and the Operator Pack local CLI.
Related workflows
Pair MCP risk scores with DestructGuard command blocking at runtime and ReviewQueue for human review of ambiguous tool additions. Export the scored findings JSON alongside your agent session JSONL so IncidentScribe timelines include the pre-install risk evidence. Re-score any server after manifest changes before promoting to production agents.
Next steps
POST the manifest to /api/agent-services/mcp-risk/score (x402) for hosted scoring or install the Operator Pack CLI and run mcp-risk score manifest.json locally. Apply the concrete fix recommendations, re-export the manifest, and re-score until risk is medium or low. Store requestId with your session audit for compliance.
FAQ
What is MCP Risk Analyzer?
MCP Risk Analyzer scores an MCP server manifest for security risk before an agent installs it. It returns a structured findings array instead of a single opaque number: each entry identifies the exact tool, one of six risk factors, severity, a human-readable explanation of the exposure, and a concrete remediation step. The same rules run in the hosted x402 endpoint and the Operator Pack local CLI.