TachyonicTachyonic

MCP Scanning

Test MCP servers for security vulnerabilities using stdio or HTTP transport

Overview

Tachyonic can directly test MCP (Model Context Protocol) servers by calling their tools with adversarial inputs. This tests the tool layer without going through an LLM.

Stdio Transport

For MCP servers that run as local processes:

tachyonic scan \
  --mcp-transport stdio \
  --mcp-command npx \
  --mcp-args "-y @modelcontextprotocol/server-filesystem /tmp/sandbox" \
  --categories tool-abuse \
  --provider anthropic

Tachyonic starts the MCP server process, performs the protocol handshake, discovers available tools, and sends adversarial tool calls.

HTTP Transport

For MCP servers exposed over HTTP:

tachyonic scan \
  --mcp-transport http \
  --mcp-url https://your-mcp-server.com/mcp \
  --categories tool-abuse,permission-escalation \
  --provider anthropic

What Gets Tested

When scanning MCP servers, Tachyonic:

  1. Connects and performs the MCP handshake (initialize)
  2. Discovers available tools via tools/list
  3. Analyzes tool schemas for poisoning patterns (malicious instructions in descriptions)
  4. Sends adversarial tools/call requests testing:
    • Path traversal via file operation tools
    • SQL injection via database tools
    • Command injection via shell/exec tools
    • SSRF via HTTP/API tools
    • Parameter manipulation across all tool types

Tool Schema Poisoning Detection

Tachyonic passively analyzes MCP tool schemas for embedded prompt injection:

tachyonic scan \
  --mcp-transport stdio \
  --mcp-command npx \
  --mcp-args "-y your-mcp-server" \
  --provider anthropic

Detects patterns like:

  • Override instructions in tool descriptions
  • Hidden commands in parameter documentation
  • Conflicting tool names that shadow legitimate tools

Disable with --disable-tool-schema-poisoning.

Expected Server Identity

Verify the MCP server identity during handshake:

tachyonic scan \
  --mcp-transport stdio \
  --mcp-command npx \
  --mcp-args "-y @modelcontextprotocol/server-filesystem /tmp" \
  --mcp-expected-server-name "filesystem"

Allowed Tools

Restrict which tools the scanner interacts with:

tachyonic scan \
  --mcp-transport http \
  --mcp-url https://your-server.com/mcp \
  --allowed-tool read_file,write_file,list_directory

Cloud Scans

Submit scans to the Tachyonic platform for team visibility and tracking

Agent Testing

Test CLI-based AI agents and remote agents via SSH

On this page

OverviewStdio TransportHTTP TransportWhat Gets TestedTool Schema Poisoning DetectionExpected Server IdentityAllowed Tools