Get findings out of a real MCP server.
Five steps. Copy-paste shell commands. Real binaries. By the end you'll have a findings.v1.json document for a server you can verify against the public leaderboard.
Prereqs
- · curl and a POSIX-ish shell (bash, zsh, or Git Bash on Windows)
- · Node 20+ (only if you want to scan an npm MCP server in the sandbox path — optional for the static steps below)
- · Docker (only for the live sandbox path — same caveat)
Install Capframe
One sha256-verified installer drops the capframe umbrella + mcp-recon + capnagent binaries onto your PATH.
curl -fsSL capframe.ai/install | sh
Verify: capframe --version should print a version line. If you'd rather install from source, see the source-install steps.
Grab a real inventory
The fastest first run uses a pre-built inventory from the repo so you can see findings without setting up an MCP config first. We'll fetch the safe-mcp sample — a deliberately well-defended server, plus a deliberately leaky one — and classify both in step 3.
curl -fsSL \ https://raw.githubusercontent.com/euanmcrosson-dotcom/mcp-recon/master/examples/safe-mcp.inventory.json \ -o inventory.json
Already have an MCP config? Skip the curl and build a live inventory from your own setup with mcp-recon enumerate ~/.cursor/mcp.json --out inventory.json --pretty. Failures don't abort the run — a server that can't be reached becomes an empty inventory entry, so the output is always a well-formed envelope.
Classify the inventory into findings
Same input → same output, every run. Seven rules (R1–R7) map to OWASP LLM Top 10, NIST AI RMF, and MITRE ATLAS IDs.
mcp-recon --target inventory.json --out findings.json --pretty # Or via the umbrella: capframe find inventory.json --out findings.json
The file you get is a findings.v1 JSON envelope. Open findings.json in your editor — the findings[] array is the unit of value, each entry has a stable id, a severity, a category, a remediation hint, and the compliance-framework IDs that map to it.
Skim the output without leaving the shell
Two one-liners that work on any findings.v1 document:
# Counts by severity jq '.summary.by_severity' findings.json # Worst-first list of titles jq '[.findings[] | select(.severity=="critical" or .severity=="high")] | sort_by(.severity) | reverse | .[].title' findings.json
Want to verify against the public scoreboard? The same scanner runs daily on a corpus of 72+ servers at capframe.ai/leaderboard — find any package you're using and compare findings to the live scan.
Turn findings into capability caveats
The Find module names the surface; the Bind module shrinks it. mcp-recon caveats emits a capnagent-ready issuance plan — a deny/scope recommendation per authority-relevant finding, plus caveat-DSL strings ready to mint into a capability token.
mcp-recon caveats inventory.json --out caveats.json --pretty
# Inspect the recommended plans:
jq '.plans[] | {tool, recommend, caveats: [.caveats[].dsl]}' caveats.json
# Hand off to capnagent:
capframe bind caveats.json --out token.binThe token is a macaroon-style capability — pass it to your agent runtime and capframe-guard enforces the caveats at call time. That's the full Find → Bind → Guard loop in five steps.
Where to next
- · findings.v1 schema reference — every field of the wire format, with the JSON Schema regex patterns
- · live leaderboard — 72 MCP servers, refreshed daily, full per-tool findings
- · blog — write-ups of specific findings + classifier discipline
- · GitHub — issue a bug report, propose a new rule, vendor the binaries
Hit a snag? Open an issue with the step number and the error — the quickstart should work on a clean machine.