Proximity: Open-source MCP security scanner
Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also work with NOVA, a rule engine that checks for issues such as prompt injection or jailbreak attempts.
“Over the past year, MCP has been rapidly adopted by the community to extend AI capabilities. Developers around the world started creating their own MCP servers, often publicly accessible. But this growth also increased the attack surface, and exposed clients to risks like prompt injection, tool poisoning, or data exfiltration among many others. I created Proximity to provide a first security assessment of an MCP server before deploying it in an environment,” Thomas Roccia, the author of Proximity, told Help Net Security.
Proximity works by probing either remote or local MCP servers to list out what they expose. That includes prompts, tools, and resource descriptions. Paired with NOVA, it can go a step further. The NOVA engine lets analysts write pattern-based rules to detect suspicious or harmful content. This matters because attackers can use the details in exposed tool descriptions to understand how a system works and how to manipulate it.
“If you are familiar with MCP, each exposed resource contains a tool name and a tool description. Attackers can weaponise that information to exploit your environment. With Proximity and NOVA you can scan those descriptions to detect potentially harmful content before deployment,” Roccia explained.
Roccia describes Proximity as part of a larger effort to help security teams evaluate AI systems. The goal is to give analysts a working toolkit that updates as AI environments change.
Proximity is available for free on GitHub.
Must read:
- 35 open-source security tools to power your red team, SOC, and cloud security
- GitHub CISO on security strategy and collaborating with the open-source community
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!