MCP Preflight Local-first MCP trust review Run free scan
Example output

Read the shape of the findings before you install anything.

For this product, output quality is part of the value. The report should explain what looked risky, why it matters, and what to do next.

Run free scanRead the rules
GitHub Releases
Representative text output
mcp-preflight scan demo/example-findings-workspace --format text --no-exit-code

error   credential-in-url            .vscode/mcp.json:14
  Remote MCP URL contains credentials.
  Move auth into headers or env-backed fields and switch to HTTPS.

warning overbroad-env-inheritance    .vscode/mcp.json:27
  Blanket environment inheritance expands the blast radius.
  Pass only the variables the server actually needs.

warning ephemeral-mcp-launcher       .vscode/mcp.json:33
  The server is launched through an ephemeral package path.
  Safer after pinning or replacing with a reviewed local install.

warning tool-poisoning-indicator     prompts/review.md:8
  The text contains language that can override normal review intent.
  Rewrite the resource so the model receives clear, bounded instructions.