Guides

Short documents that make the scanner easier to evaluate on real MCP setups.

These guides stay close to actual review choices: config shape, auth placement, prompt/tool language, and local blast radius.

Review launchers, scope, auth placement, and install hygiene before first trust.

Check transport, credential handling, and blast radius before you point tools at a remote endpoint.

Recognize risky text patterns in tool descriptions and prompt resources.

Keep local filesystem access narrow and readable when you add a fileserver to MCP.