POST /api/security/scan

Runs a security scan (7 of 10 OWASP MCP checks + CVEs via OSV + poisoning detection) on all configured servers. Covers checks 1–5 + CVE scanning + tool poisoning detection; checks 7–9 are planned. Each scan triggers a health check first to get the live tools list.

```bash
curl -X POST http://localhost:8000/api/security/scan
```

```json
[
  {
    "server_name": "postgres-mcp",
    "scanned_at": "2026-03-17T12:00:00Z",
    "error": null,
    "findings_count": 1,
    "critical_count": 0,
    "high_count": 0,
    "highest_severity": "medium",
    "findings": [
      {
        "severity": "medium",
        "category": "OWASP-MCP-01",
        "title": "No authentication configured",
        "description": "Server has no auth credentials in its configuration.",
        "remediation": "Add an API key or token to the server's env configuration.",
        "tool_name": null,
        "cve_id": null
      }
    ]
  }
]
```

Severity levels

| Severity | Examples |
| --- | --- |
| critical | Remote code execution CVE, prompt injection |
| high | Unauthenticated SSE server, destructive tools without auth |
| medium | No auth on stdio server, missing input schemas |
| low | Minor config warnings |
| info | Informational findings |
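
A CI gate over the scan response, as an added example that is not part of the LangSight documentation: it fails when any finding is at or above a chosen severity, using the order from the severity levels listed above. The helper names (`fetch_scan`, `gate`), the `example-mcp` entry and the assumption that a failed scan sets `error` to a non-null value are illustrative and do not come from the page.

```python
import json
import urllib.request

# Severity order taken from the "Severity levels" table, lowest to highest.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

def fetch_scan(base_url="http://localhost:8000"):
    """POST to the scan endpoint and return the parsed JSON list."""
    req = urllib.request.Request(f"{base_url}/api/security/scan", method="POST")
    with urllib.request.urlopen(req, timeout=300) as resp:
        return json.load(resp)

def gate(results, threshold="high"):
    """Return human-readable violations; an empty list means the gate passes."""
    floor = SEVERITY_RANK[threshold]
    violations = []
    for server in results:
        name = server.get("server_name", "<unknown>")
        # Assumption: a failed scan sets "error" to a non-null value. Treat it
        # as a violation so an unscanned server is never reported as clean.
        if server.get("error"):
            violations.append(f"{name}: scan error: {server['error']}")
            continue
        for f in server.get("findings", []):
            # Unknown severity strings fail closed (ranked as critical).
            rank = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 4)
            if rank >= floor:
                ref = f.get("cve_id") or f.get("category")
                violations.append(f"{name}: [{f.get('severity')}] {ref}: {f.get('title')}")
    return violations

# Constructed sample: the first entry mirrors the response shown above, the
# second is a made-up failed scan that exercises the error path.
SAMPLE = json.loads("""[
  {"server_name": "postgres-mcp", "error": null, "findings": [
    {"severity": "medium", "category": "OWASP-MCP-01",
     "title": "No authentication configured", "tool_name": null, "cve_id": null}]},
  {"server_name": "example-mcp", "error": "health check failed", "findings": []}
]""")

if __name__ == "__main__":
    problems = gate(SAMPLE, threshold="medium")  # swap SAMPLE for fetch_scan()
    print("\n".join(problems))
    raise SystemExit(1 if problems else 0)
```

Gating on the per-finding `severity` rather than only on `critical_count` and `high_count` lets the threshold be lowered to `medium` without changing the logic.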