Live · 16 engines · < 60s median

Is this MCP server safe?

MCPAmpel scans any GitHub, GitLab, npm or PyPI URL through 16 independent security engines. Sandboxed in Docker. One trust score. No account required.


Last completed scan · LIVE
cloudflare/mcp-server-cloudflare
9.2 / 10 · Green · safe to install
Scale: 0.0 not safe · 4.0 · 7.0 · 10.0 trusted
16/16 engines green · 2 findings · low · 38s scan time
NOT SAFE · 1 · Public MCP servers with known supply-chain or secret-leak issues, this week.
UNDER REVIEW · 0.0% · Of MCP servers scored below 4.0. Don't install without review.
CATALOGUED · 2M+ · Findings indexed across our scan history. Every result reproducible.
FREE TIER · €0 · Unlimited web scans. 50 API calls a day. Every engine for everyone.
01 · The pipeline

From a URL to a trust score, in three steps.

01/03 · Submit any URL

GitHub, GitLab, npm or PyPI. Packages resolve to source repos automatically. We shallow-clone into a fresh sandbox — never your machine.

INPUT · git · npm · pypi · mcp://

02/03 · 16 engines, in parallel

Semgrep, Bandit, Trivy, Grype, Gitleaks, OSV-Scanner, Cisco MCP and more — each in its own Docker container, three concurrent. Live progress streams via SSE.

RUNTIME · ~38s median · 3 concurrent

03/03 · One score. Every finding.

Weighted aggregation from 0.0 to 10.0. Red, amber, green like a real Ampel. Drill into per-engine findings, export NIS2 PDF or CycloneDX SBOM.

OUTPUT · score · SVG badge · NIS2 · SBOM
02 · The engines

Sixteen scanners. One verdict.

All run on every scan · no paid tiers

Engine             Category            Weight  Approach               Volume
Semgrep            Security analysis   1.0     YAML rules · taint     1,284 runs/wk
Bandit             Security analysis   1.0     Python AST             1,284 runs/wk
Checkov            IaC analysis        0.7     Terraform · k8s        1,284 runs/wk
MCP Guardian       MCP guardrails      1.0     Custom YARA            1,284 runs/wk
Trivy              Vulnerability       1.0     CVE · OS · lib         1,284 runs/wk
Grype              Vulnerability       0.7     SBOM-driven            1,284 runs/wk
OSV-Scanner        Vulnerability       1.0     OSV.dev DB             1,284 runs/wk
pip-audit          Vulnerability       0.7     PyPA · advisories      1,284 runs/wk
dep-scan           Vulnerability       0.5     multi-lang             1,284 runs/wk
Gitleaks           Secret detection    1.0     full git history       1,284 runs/wk
detect-secrets     Secret detection    0.7     entropy · plugins      1,284 runs/wk
Cisco MCP Scanner  MCP-specific        1.0     tool poisoning         1,284 runs/wk
Cisco A2A          MCP-specific        0.7     agent-to-agent drift   1,284 runs/wk
Custom YARA        MCP-specific        0.7     prompt injection       1,284 runs/wk
Syft               SBOM (info)         0.0     CycloneDX              1,284 runs/wk
ScanCode           License (info)      0.0     SPDX detection         1,284 runs/wk
03 · The wire

What's been scanned this hour.

Distribution · last 24h

Green ≥ 7.0 · 64%
Amber 4–7 · 28%
Red < 4.0 · 8%

Top finding · today

Hardcoded API key in config.py

Detected by Gitleaks across 4 different MCP servers in the last 24 hours.

04 · Show your work

Drop a badge in your README. Build trust before anyone clicks Install.

Every public scan gets an SVG badge. Free badges go grey after 30 days; monitored repos auto-refresh and pulse green when fresh. Add it once — it stays current.

USED BY → modelcontextprotocol · cloudflare · chroma · fastmcp · 4,200+ public repos

Badge previews: mcpampel ● 9.2/10 · mcpampel ● 7.4/10 · mcpampel ● 2.8/10

# README.md
[![MCPAmpel](https://mcpampel.com/badge/owner/repo.svg)](https://mcpampel.com/repo/owner/repo)
05 · Questions

Things people ask first.

No. Each scan clones into a fresh Docker container that's destroyed when the scan completes. We retain the trust score, per-engine findings, commit SHA and metadata — not your source.

Every scan starts at 10.0. Each finding deducts a weighted penalty (severity × engine weight), capped at 3.0 per engine. Informational engines like SBOM generators don't reduce the score. The final value is clamped to [0.0, 10.0].
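The scoring rule above, worked through in code as an added illustration (this is not MCPAmpel's own implementation): engine weights come from the engines table and the traffic-light bands from the distribution panel, while the per-severity penalty values are an assumption, since the page does not publish them.

```python
from collections import defaultdict
from dataclasses import dataclass

# Engine weights as listed in the engines table; 0.0 marks the informational
# engines (Syft, ScanCode), whose findings never cost points.
ENGINE_WEIGHTS = {
    "Semgrep": 1.0, "Bandit": 1.0, "Checkov": 0.7, "MCP Guardian": 1.0,
    "Trivy": 1.0, "Grype": 0.7, "OSV-Scanner": 1.0, "pip-audit": 0.7,
    "dep-scan": 0.5, "Gitleaks": 1.0, "detect-secrets": 0.7,
    "Cisco MCP Scanner": 1.0, "Cisco A2A": 0.7, "Custom YARA": 0.7,
    "Syft": 0.0, "ScanCode": 0.0,
}
# Assumed per-severity penalties: the page says "severity × engine weight"
# but does not list the severity values, so these are illustrative only.
SEVERITY_PENALTY = {"critical": 2.0, "high": 1.0, "medium": 0.5, "low": 0.2}

START_SCORE, PER_ENGINE_CAP, FLOOR, CEILING = 10.0, 3.0, 0.0, 10.0


@dataclass(frozen=True)
class Finding:
    engine: str
    severity: str


def per_engine_penalties(findings):
    """Sum severity × weight per engine, then cap each engine at 3.0 so one
    noisy scanner (say, hundreds of secret hits) cannot zero the score alone."""
    totals = defaultdict(float)
    for f in findings:
        totals[f.engine] += SEVERITY_PENALTY[f.severity] * ENGINE_WEIGHTS[f.engine]
    return {engine: min(total, PER_ENGINE_CAP) for engine, total in totals.items()}


def trust_score(findings):
    """Start at 10.0, subtract the capped per-engine penalties, clamp to [0, 10]."""
    raw = START_SCORE - sum(per_engine_penalties(findings).values())
    return round(max(FLOOR, min(CEILING, raw)), 1)


def ampel(score):
    """Traffic-light bands from the distribution panel: green >= 7.0, amber 4-7, red < 4.0."""
    if score >= 7.0:
        return "green"
    return "amber" if score >= 4.0 else "red"


if __name__ == "__main__":
    # Constructed sample: five critical Gitleaks findings exceed the per-engine cap
    # (10.0 -> 3.0) and the Syft finding is informational, so the result is 7.0 / green.
    sample = [Finding("Gitleaks", "critical")] * 5 + [Finding("Syft", "medium")]
    score = trust_score(sample)
    print(f"{score} / 10 -> {ampel(score)}")
```

The cap is what keeps a single over-reporting engine from dragging a repository into red on its own; it takes at least three engines at the cap, or a spread of findings across several, to cross below 4.0.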
Ampel is German for traffic light. Built in Dresden for German and EU teams shipping AI agents under NIS2 — green you ship, amber you check, red you don't install. The score is the light.

Yes. Web scans are unlimited. The API has a 50-call daily quota and a key is free to create. Every engine runs for every scan — no paid-only engines, no hidden tiers.

There's a GitHub Action that fails the build below a trust-score threshold, and an MCP plugin for Claude Code that scans your installed servers from your editor.

Red, amber, or green — find out in 60 seconds.

Paste a URL. No account. No payment. No retention of source.