Bawbel Scanner
Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production.
Ask AI about Bawbel Scanner
Powered by Claude Β· Grounded in docs
I know everything about Bawbel Scanner. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
Bawbel MCP Server
Security scanner for MCP servers and agentic AI components, exposed as MCP tools.
Bawbel MCP Server lets any MCP-compatible agent scan servers, check skill files, score conformance, and query the AVE threat intelligence database mid-conversation.
Install
pip install bawbel-mcp
Or with all detection engines (YARA, Semgrep, LLM, Magika):
pip install "bawbel-mcp[all]"
Tools
| Tool | Description |
|---|---|
scan_content | Scan raw text content for AVE vulnerabilities |
scan_server_card | Fetch and scan an MCP server-card before connecting |
check_conformance | Score a server manifest against the MCP spec (18 checks, A+ to F) |
lookup_ave | Get a full AVE record by ID with remediation guidance |
search_ave | Search AVE records by keyword |
list_ave | List all AVE records with optional severity/category filters |
check_pins | Detect rug pull drift in a directory of skill files |
Resources
| Resource | Description |
|---|---|
ave://stats | Current AVE database statistics |
ave://record/{ave_id} | Full AVE record for a specific ID |
Usage
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
}
Claude Code
claude mcp add bawbel uvx bawbel-mcp
Cursor / Windsurf
Add to your MCP settings:
{
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
Remote deployment (Streamable HTTP)
uvx bawbel-mcp --transport streamable-http --host 0.0.0.0 --port 8000
Example conversations
Scan a server before connecting:
"Before I add this MCP server to my config, scan it for security issues: https://api.some-mcp-server.com"
Claude calls scan_server_card("https://api.some-mcp-server.com") and reports any
findings with AVE IDs, severity, and remediation steps.
Check a skill file:
"Check this skill file content for prompt injection vulnerabilities: [paste content]"
Claude calls scan_content(content) and returns findings.
Score a server against the spec:
"Does this server follow the MCP spec? https://api.some-mcp-server.com"
Claude calls check_conformance("https://api.some-mcp-server.com") and returns
a score, grade, and list of failed checks.
Look up a vulnerability:
"What is AVE-2026-00041 and how do I fix it?"
Claude calls lookup_ave("AVE-2026-00041") and returns the full record with
behavioral fingerprint, IOCs, and remediation steps.
Search for relevant vulnerabilities:
"What AVE records cover credential exfiltration?"
Claude calls search_ave("credential exfiltration") and returns matching records.
Requirements
- Python 3.10+
bawbel-scanner>=1.1.1(installed automatically)fastmcp>=3.0.0(installed automatically)
The bawbel CLI must be available in PATH. Installing bawbel-mcp installs
bawbel-scanner which provides the bawbel CLI.
Related
- bawbel-scanner β CLI scanner
- bawbel-ave β AVE standard and records
- api.piranha.bawbel.io β Threat intel API
- bawbel.io/docs β Full documentation
Apache 2.0. Built by Bawbel.