This is interesting. How does it compare with some open source tools that claim to do something similar, say mcp-scan?
We focus on a holistic risk analysis of the risks that would matter to a security engineer. For example, all the signals analyzed to ensure the MCP server is official and provided by the vendor directly are something that is not found elsewhere. In addition, we have focused on ensuring false positives are minimal or non-existent so you can focus on the true risks.
So with the mix of static and dynamic analysis, MCP protocol conformance, supply chain vulnerability analysis, and MCP-specific risk factors, we curate a relevant risk score, allowing you to decide if the usage of a given MCP server is introducing unnecessary risk or not.
These two seem to be doing two different things - mcp-scan is good at dynamic monitoring of your MCP server usage (the proxy server) and nothing much beyond that. It lacks comprehensiveness, which is what the Armor1 catalog appears to be aiming at.
Cool stuff! When you say "for every MCP server on the internet" how many MCP servers have you analysed exactly?
btw it'd be really cool if there was an MCP server to get the risk analysis for the MCP servers i've installed already lol
We have just under 17k analyzed. Agreed on the need for an Armor1 MCP server to support this - stay tuned.
Agreed, MCP interface for the MCP risk analysis sounds like a great idea.