Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.langsight.dev/llms.txt

Use this file to discover all available pages before exploring further.

Usage

langsight security-scan [OPTIONS]

Options

OptionDefaultDescription
--configauto-discoveredPath to .langsight.yaml
--jsonfalseOutput as JSON
--cifalseExit code 1 on CRITICAL or HIGH findings

What it checks

CVE Scanning

Reads pyproject.toml or package.json from each server’s directory and queries the OSV API for known vulnerabilities. No API key required. The scanner is version-aware: it extracts the installed package version from the dependency file and passes it to the OSV batch API. OSV then returns only CVEs that affect the installed version, not all historical CVEs for the package name. This eliminates false positives from vulnerabilities that were fixed in older versions you are no longer running.
Dependency formatVersion extracted from
pyproject.toml ([project] dependencies)mcp>=1.0,<21.0; fastmcp==2.0.02.0.0
package.json (dependencies / devDependencies)"^1.2.3"1.2.3; "~2.0.0"2.0.0
When a version cannot be extracted (e.g. a bare package name with no version constraint), OSV is queried by package name only, which may return more results than strictly necessary. Pin your dependencies to reduce noise. CVE results are cached for 1 hour per dependency file to avoid hammering the OSV API when scanning multiple servers that share the same dependencies.

OWASP MCP Top 10

CheckCategorySeverity
No authentication configuredOWASP-MCP-01CRITICAL (SSE) / MEDIUM (stdio)
Destructive tools without authOWASP-MCP-02HIGH
Unexpected schema changeOWASP-MCP-04HIGH
Tools with no input schemaOWASP-MCP-05MEDIUM
HTTP transport (no TLS)OWASP-MCP-06HIGH

Tool Poisoning Detection

Scans tool names and descriptions for:
  • Prompt injection phrases (ignore previous instructions)
  • Data exfiltration patterns (send all data to)
  • External URLs in descriptions
  • Hidden unicode characters
  • Base64-encoded injection payloads

Example output

Security Scan Results  (2 servers, 4 findings)
──────────────────────────────────────────────────────────────────
Severity   Server       Category       Finding
CRITICAL   jira-mcp     CVE            CVE-2025-6514 in mcp-remote
HIGH       slack-mcp    OWASP-MCP-01   No authentication configured
HIGH       slack-mcp    OWASP-MCP-02   Tool 'delete_message' without auth
MEDIUM     postgres-mcp OWASP-MCP-05   Tool 'query' has no input schema

0/2 servers clean — 1 critical, 2 high

CI/CD integration

# Fail the build on CRITICAL or HIGH findings
langsight security-scan --ci

# In GitHub Actions
- name: MCP Security Scan
  run: langsight security-scan --ci --json > security-report.json

JSON output

[
  {
    "server_name": "jira-mcp",
    "findings_count": 2,
    "critical_count": 1,
    "highest_severity": "critical",
    "findings": [
      {
        "severity": "critical",
        "category": "CVE",
        "title": "CVE in dependency 'mcp-remote': CVE-2025-6514",
        "remediation": "Update 'mcp-remote' to a patched version."
      }
    ]
  }
]