Compuute MCP Security Scanner
https://server.smithery.ai/daniel-abbay/compuute-scan-api/mcpStatic security scanner for MCP servers. POST a public GitHub URL, get severity counts, a score, and the top findings with file+line back. 37 rules across TypeScript, JavaScript, Python, Go, Rust, C#, Java, and Kotlin — every language with an official MCP SDK. Detects argument injection for npx/uvx/pipx/pnpx runner binaries (CWE-88), known CVEs in 40+ top packages, and the usual L0 discovery (transport, tool inventory, dependency pinning). This is a pattern detector, not an exploitability oracle. Around 90% raw false-positive rate on unfiltered output — triage is on you, and the response says so explicitly. POST /v1/scan is free with no API key. POST /v1/scan/pay charges $0.10 USDC per scan via x402 on Base. Manual L2-L4 audits at compuute.se/audit when you need dataflow review. Wraps compuute-scan (MIT, zero deps). Per-rule false-positive rates and the methodology paper live in the repo.
How to connect
https://server.smithery.ai/daniel-abbay/compuute-scan-api/mcpcurl -X POST https://server.smithery.ai/daniel-abbay/compuute-scan-api/mcp \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'