Add: ClawGuard — Open-source MCP Security Scanner (200 patterns, 15 languages)

[joergmichno]

ClawGuard

Open-source regex-based security scanner for MCP servers. Scans tool descriptions, prompts, and inputs for prompt injection, tool poisoning, data exfiltration, and command injection.

• 200 patterns across 15 languages (EN, DE, FR, ES, IT, NL, PL, PT, TR, KO, JA, ZH, AR, HI, ID)
• F1=97.3% on 265 adversarial test cases
• OWASP mapped: LLM Top 10 + Agentic Top 10 + MCP Top 10 (all categories)
• EU AI Act compliance scanning
• Sub-millisecond, no LLM calls, deterministic
• Scanned 11,529 MCP servers from public registries

GitHub: https://github.com/joergmichno/clawguard (MIT)
API: https://prompttools.co/shield (free scan, no account)
Report: https://prompttools.co/blog/eu-ai-act-mcp-compliance-report-2026

[esxr]

Also worth including operant-mcp on this list. 51 security testing tools in a single MCP server. SQL injection, XSS, SSRF, command injection, path traversal, NoSQL injection, CORS, clickjacking, GraphQL testing, PCAP analysis. Open source under MIT. https://github.com/operantlabs/operant-mcp