Discover every MCP server your AI agents expose across 14 clients, take a canonical SHA-256 fingerprint of each, and catch rug-pulls, tool poisoning, typosquats and exfiltration combos — 100% local, read-only, written in Rust. Your inventory never leaves your machine.
git clone https://github.com/MattJeff/sentinelmcp && cd sentinelmcp/sentinel cargo install --path crates/sentinel-cli sentinel scan
Packaged installs (brew / cargo install / npx) ship with the next release.
Static scanners tell you a server looked safe once. Sentinel tells you the moment it changes.
A server silently changes its tool surface after you approved it. Canonical SHA-256 baselines catch the first byte that changes.
Hostile instructions hidden in tool descriptions/schemas: 40+ patterns + Unicode smuggling + line-jumping + YARA + an optional local LLM judge.
Packages impersonating official ones, incl. Unicode confusables (homoglyphs).
Untrusted input + secret read + external write in one session — the deterministic exfiltration combo.
Version-level rug-pull (the Postmark pattern) and offline matching of known MCP CVEs.
Splunk · Elastic · Syslog TLS · STIX 2.1 · TAXII 2.1 · Ed25519-signed compliance reports (SOC 2 · ISO 27001 · OWASP MCP · SAFE-MCP).
Open for local use. See how it compares to mcp-scan/Snyk, ToolHive, Cisco mcp-scanner and the commercial platforms.