Sentinel
Automated security scanner for MCP server infrastructure.
MCP servers ship with zero security defaults — no authentication, no input validation, no monitoring. Sentinel runs 26 detection rules across three modules to surface those gaps before an attacker does, and plugs straight into CI/CD.
- Status
- Active
- Language
- Python
- Rules
- 26 detection rules
- License
- Apache 2.0
- Install
- pip install helixar-sentinel
Three scanning modules
26 rules built for how MCP servers actually fail — static config, live endpoints, and the container underneath.
Configuration · 10 rules
Missing authentication, over-broad tool permissions, insecure defaults, and secrets left in config.
Live endpoint · 8 rules
Unauthenticated access, missing TLS, CORS misconfiguration, and exposed debug interfaces.
Container · 8 rules
Privileged containers, missing resource limits, and insecure base images.
Findings on every run, in SARIF
Sentinel outputs SARIF 2.1 — findings appear inline in pull requests via GitHub Code Scanning, with a configurable fail threshold per severity.
$ sentinel scan --target http://localhost:3000 --config ./mcp.json[CRITICAL] No authentication on /tools/execute[CRITICAL] Container running as root (UID 0)[HIGH] Missing rate limiting on /tools/execute[PASS] TLS enforced on all endpoints$ sentinel scan --output sarif --fail-on critical > results.sarif
More from Helixar Labs
All projectsVerifiable human delegation for agentic AI.
HDP extended to physical AI: robots, vehicles, surgical systems.
Scan, harden, sign and attest build artifacts before they ship.