π¦
Driftcop
AI powered SAST tool for MCP servers to detect MCP server drift detection and tracking via SigStore + Web UI for Enterprise Users
0 installs
11 stars
5 forks
Trust: 64 β Good
Commerce
Installation
npx driftcopAsk AI about Driftcop
Powered by Claude Β· Grounded in docs
I know everything about Driftcop. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
DriftCop.
The ultrafast-fast security cop keeping your MCP servers locked-in and locked-down.
π― What is DriftCop?
Drift-Cop is your Enterprise grade MCP security scanner based CLI + live dashboard that spots dangerous drift in AI tools. It spots injection hacks, and CVEs, signs every change in SigStore. Drift-Cop is designed to help AI developers and InfoSec organizations identify, track, and mitigate security vulnerabilities in MCP server implementations they use from external untrusted sources.
π₯ Why Drift-Cop?
- Spot the Drift instantly β Diff every manifest, dependency and workspace change against golden baselines in real-time.
- Attack-aware Scanning β Rug-pull, typosquat, supply-chain & prompt-injection rules baked-in and update daily.
- Actionable Autopilot β AI-generated fixes, PR suggestions and Slack/SIEM alerts π¨.
- Two-Piece Powerhouse β Lightweight CLI + Cloud Control-Plane give you end-to-end coverage without vendor lock-in.
βWe caught an auth-bypass typo before it hit production. Drift-Cop paid for itself on day one.β β A Very Happy DevOps Lead
Drift-Cop is a defensive security platform designed to help developers and organizations identify, track, and mitigate security vulnerabilities in MCP server implementations. It consists of two main components working seamlessly together to provide end-to-end security coverage.
π₯ Demo Video
π¬ Click to watch the Drift-Cop demo video
Real-time drift monitoring and approval workflow
π¦ Components
1. MCP Security Scanner (mcp-sec)
A powerful command-line security scanner that performs deep analysis of MCP servers, codebases, and dependencies.
Key Features:
- Multi-Layer Scanning: Comprehensive analysis of server manifests, workspace code, and dependencies
- Advanced Threat Detection:
- Typosquatting detection using Levenshtein distance and TF-IDF similarity
- Semantic drift analysis powered by LLM to detect mismatches between descriptions and capabilities
- Prompt injection pattern detection including hidden characters and system manipulation
- Known CVE scanning in dependencies
- Cryptographic Security:
- SHA-256 based tool hashing with canonical JSON representation
- Sigstore integration for digital signatures (DSSE envelope format)
- Version tracking to detect unauthorized changes
- Lock file management for manifest pinning
- Language Support: Extracts MCP tool definitions from 10+ languages using Tree-sitter AST parsing
- Flexible Reporting: Markdown, JSON, and SARIF formats for CI/CD integration
2. MCP Security Web UI (mcp-sec-web)
A modern React-based dashboard providing real-time visualization and management of security findings.
Key Features:
- Real-Time Dashboard: Live monitoring of configuration drifts and security issues
- Interactive Approval Workflows:
- Quick approve for low-risk changes
- Detailed review process for high-risk modifications
- Complete audit trail with timestamps and approver tracking
- Advanced Filtering & Search: Filter by severity, environment, repository, or custom search
- Bulk Operations: Select and approve multiple drifts simultaneously
- Data Export: CSV and JSON export for reporting and analysis
- Zero-Integration Design: Works with existing MCP-SEC installations without code modifications
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β MCP SECURITY SCANNER (mcp-sec/) β
β "Shift-Left Security for MCP Servers" β
β Version 0.1.0 β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CORE SCANNERS β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββββββββββββ ββββββββββββββββββββββββ ββββββββββββββββββββββββ β
β β SERVER SCANNER β β WORKSPACE SCANNER β β DEPENDENCY SCANNER β β
β ββββββββββββββββββββββββ€ ββββββββββββββββββββββββ€ ββββββββββββββββββββββββ€ β
β β β’ Manifest validation β β β’ Prompt injection β β β’ CVE detection β β
β β β’ Schema checking β β β’ MCP tool extractionβ β β’ Typosquatting β β
β β β’ Permission audit β β β’ Code pattern match β β β’ Version checks β β
β β β’ Typo detection β β β’ Zero-width chars β β β’ Package analysis β β
β β β’ Semantic analysis β β β’ Security patterns β β β’ Lock verification β β
β ββββββββββββββββββββββββ ββββββββββββββββββββββββ ββββββββββββββββββββββββ β
β β² β² β² β
β β β β β
β ββββββββββββββββββββββββββββ΄βββββββββββββββββββββββββββ β
β β β
ββββββββββββββββββββββββββββββββββββββββ΄βββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SECURITY ANALYZERS β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
β β TYPO DETECTOR β β SEMANTIC ANALYZER β β
β βββββββββββββββββββββββββββββββββββ€ βββββββββββββββββββββββββββββββββββ€ β
β β β β β β
β β fiIesystem β filesystem β β π€ OpenAI LLM Analysis β β
β β βββββββββββββββββββββ β β βββββββββββββββββββββββ β β
β β β Levenshtein β€ 2 β β β β Description: β β β
β β β Dice coefficient β ββββββββ βΌβββββββΌββΆβ "Read-only tool" β β β
β β β Homograph check β β β β Schema: β β β
β β β TF-IDF + Cosine β β β β {delete: true} β β β β
β β βββββββββββββββββββββ β β βββββββββββββββββββββββ β β
β β β β β β
β βββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CRYPTOGRAPHIC SECURITY β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββββββ β
β β TOOL HASHING β β SIGSTORE SIGNING β β VERSION TRACKING β β
β βββββββββββββββββββββββ€ βββββββββββββββββββββββ€ βββββββββββββββββββββββ€ β
β β β β β β β β
β β Tool Definition β β ββββββββββββββββ β β v1.0 βββΊ v1.1 β β
β β β β β β DSSE Format β β β β β β β
β β Canonical JSON β β β OIDC Auth β β β Hashβ β Hashβ β β
β β β β β β Transparency β β β β β β β
β β SHA-256 Hash β β ββββββββββββββββ β β π Notification β β
β β β β β β β β β β β β
β β abc123def456... β β β Verified β β β οΈ Approval Req β β
β β β β β β β β
β βββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CHANGE MANAGEMENT β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββ β
β β DETECTION β βββΊ β NOTIFY β βββΊ β APPROVAL β βββΊ β APPLY β β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββ β
β β β β β β
β βΌ βΌ βΌ βΌ β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββ β
β β Tool Added β β Risk Level β β β Approve β β Tool Activeβ β
β β Perm Changeβ β Stored DB β β β Reject β β Or Blocked β β
β β Hash Changeβ β SQLite β β CLI/API β β Tracked β β
β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π Quick Start
Installation
# Install Drift Cop CLI
pip install driftcop
# Clone the repository for web UI
git clone https://github.com/yourusername/drift-cop.git
cd drift-cop
Basic Usage
- Scan an MCP Server:
driftcop scan-server https://example.com/mcp-server
- Start the Web UI:
cd mcp-sec-web
./start.sh
- Access the Dashboard:
- Web UI: http://localhost:5173
- API Docs: http://localhost:8000/docs
π Security Checks
Vulnerability Detection
- Typosquatting: Detects lookalike server names (e.g.,
fiIesystemvsfilesystem) - Semantic Drift: Identifies tools whose capabilities don't match their descriptions
- Permission Analysis: Flags excessive or dangerous permissions
- Prompt Injection: Detects hidden instructions and malicious patterns
- Supply Chain: Scans for known CVEs and unpinned dependencies
Risk Scoring
Findings are categorized by severity:
- Critical (10.0): Immediate security risk requiring urgent action
- High (7.0): Serious security concern
- Medium (4.0): Moderate risk
- Low (1.0): Minor issue
- Info (0.0): Informational finding
ποΈ Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Drift-Cop β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββββββββ ββββββββββββββββββββ β
β β MCP-SEC Scanner β β MCP-SEC Web UI β β
β ββββββββββββββββββββ€ ββββββββββββββββββββ€ β
β β β’ CLI Interface β β β’ React Frontend β β
β β β’ Multi-Scanner ββββββββββββΊβ β’ FastAPI Backendβ β
β β β’ Crypto Engine β β β’ Real-time Dash β β
β β β’ Report Gen β β β’ Approval Flow β β
β ββββββββββ¬ββββββββββ ββββββββββ¬ββββββββββ β
β β β β
β ββββββββββββββββ¬βββββββββββββββββ β
β βΌ β
β ββββββββββββββββ β
β β SQLite DBs β β
β ββββββββββββββββ€ β
β β β’ Tracking β β
β β β’ Approvals β β
β β β’ History β β
β ββββββββββββββββ β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
π Workflow Integration
CI/CD Pipeline
# Example GitHub Actions workflow
- name: Drift Cop Security Scan
run: |
driftcop ci-hook https://your-server.com \
--threshold 5.0 \
--sarif report.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: report.sarif
Change Management Process
- Detection: Scanner identifies configuration changes
- Notification: Changes tracked in SQLite database
- Review: Security team reviews via web dashboard
- Approval: Approved changes are applied, rejected ones blocked
- Audit: Complete trail maintained for compliance
π‘οΈ Security Best Practices
For MCP Server Developers
- Pin Dependencies: Use exact versions in lock files
- Sign Manifests: Use Sigstore for cryptographic signatures
- Minimize Permissions: Request only necessary capabilities
- Clear Descriptions: Ensure tool descriptions match functionality
- Regular Scans: Integrate security scanning in CI/CD
For Security Teams
- Regular Monitoring: Use web dashboard for continuous oversight
- Risk Thresholds: Set appropriate thresholds for your environment
- Approval Workflows: Establish clear approval processes
- Audit Trails: Maintain records for compliance
- Incident Response: Have plans for high-severity findings
π Documentation
- MCP-SEC CLI Reference
- Web UI Guide
- Integration Guide
- API Documentation (when running)
π€ Contributing
We welcome contributions! Please see our contributing guidelines for:
- Code style and standards
- Testing requirements
- Pull request process
- Security disclosure policy
π License
DriftCop is released under an open-core licensing model:
- Core Components (
/mcp-sec,/mcp-sec-web): Apache License 2.0 - Community Rules (
/rules/community): CC0 1.0 (Public Domain) - Enterprise Features (
/enterprise,/cloud,/rules/pro): Business Source License 1.1 - Documentation (
/docs,/logos): CC BY 4.0
See LICENSE.txt for full details.
Contributing
By submitting contributions, you agree to our Contributor License Agreement.
π Acknowledgments
- Built for the Model Context Protocol community
- Powered by Tree-sitter for robust code parsing
- Uses Sigstore for supply chain security
- Inspired by best practices from OWASP and security research
Security Notice: This tool is designed for defensive security purposes only. It helps developers and security teams identify and prevent vulnerabilities in MCP implementations. Always use responsibly and in accordance with applicable laws and regulations.