Sentinel
Automated security scanner for MCP server infrastructure.
MCP servers ship with zero security defaults. No authentication required, no input validation enforced, no monitoring configured. Sentinel runs 26 detection rules across three modules to surface those gaps before an attacker finds them, and plugs directly into your CI/CD pipeline.
Status
Active
Language
Python
Rules
26 detection rules
License
MIT
Install
pip install helixar-sentinelThe Problem
Model Context Protocol servers are typically deployed from framework quickstarts and documentation examples that optimise for getting something working, not for getting something secure. The result is consistent: unauthenticated endpoints, tools exposed with no permission boundaries, containers running as root, no secrets rotation, no egress filtering.
Manual security reviews catch some of these issues but do not scale. Code review misses runtime misconfigurations. DAST tools are not tuned for MCP server behaviour. No dedicated scanner existed for this class of infrastructure until Sentinel.
Sentinel closes that gap with a purpose-built scanner that understands MCP server architecture: 26 rules across static config, live endpoint probing, and container inspection. Drop it into CI/CD and get severity-rated findings with remediation guidance on every run.
Three Scanning Modules
10 rules
Configuration Analysis
Static analysis of MCP server configuration files. Surfaces missing authentication, overly broad tool permissions, insecure defaults, and exposed secrets in config.
8 rules
Live Endpoint Assessment
Active probing of running MCP server endpoints. Detects unauthenticated access, missing TLS, CORS misconfigurations, and exposed debug interfaces.
8 rules
Container Inspection
Analyses container images and runtime configurations for MCP deployments. Flags privileged containers, missing resource limits, and insecure base images.
GitHub Code Scanning Integration
Sentinel outputs SARIF 2.1, the format natively understood by GitHub Code Scanning and most enterprise SAST platforms. Findings appear inline in pull requests, with configurable fail thresholds per severity level (critical → low). No extra tooling required.
Quick Start
Install from PyPI and run your first scan in under five minutes.
$ pip install helixar-sentinel # Scan a running MCP server $ sentinel scan --target http://localhost:3000 --config ./mcp-config.json [CRITICAL] No authentication on tool endpoint /tools/execute [CRITICAL] Container running as root (UID 0) [HIGH] Missing rate limiting on /tools/execute [HIGH] Debug interface exposed on :9229 [PASS] TLS enforced on all endpoints # Output SARIF for GitHub Code Scanning $ sentinel scan --output sarif --fail-on critical > results.sarif
More from Helixar Labs
Other open protocols and tools from the team.
Scan, harden, sign, and attest every build artifact before it ships.
Instant triage for PinchTab deployment and browser bridge exposure.
Seven-domain security framework for production MCP deployments.
Open protocol for verifiable human delegation in agentic AI systems.
26 rules. Zero excuses. Surface MCP misconfigs before attackers do.
Sentinel is open source, MIT licensed, and available on PyPI.
Get Sentinel