SignalSentinel.Scanner
2.1.0
See the version list below for details.
dotnet tool install --global SignalSentinel.Scanner --version 2.1.0
dotnet new tool-manifest
dotnet tool install --local SignalSentinel.Scanner --version 2.1.0
#tool dotnet:?package=SignalSentinel.Scanner&version=2.1.0
nuke :add-package SignalSentinel.Scanner --version 2.1.0
Signal Sentinel
Signal Sentinel is a security-first MCP (Model Context Protocol) and Agent Skill security product family, designed to address the critical security gap in the agentic AI ecosystem.
Products
| Product | Type | Description |
|---|---|---|
| Sentinel Scanner | CLI Tool | Security audit tool for MCP server configurations AND Agent Skill packages |
| Sentinel Gateway | Proxy/Firewall | Real-time security enforcement between agents and MCP servers |
| Sentinel Classify | MCP Server | Document classification and sensitivity labelling |
Signal Sentinel Scanner
The Scanner is a command-line tool that audits MCP server configurations and Agent Skill packages for security vulnerabilities. It produces a scored report with OWASP ASI01-ASI10 + MCP01-MCP10 dual mapping and remediation guidance.
Installation
# Install as .NET global tool
dotnet tool install -g SignalSentinel.Scanner
# Or run via Docker
docker pull ghcr.io/signalcoding/signal-sentinel-scanner:latest
docker run --rm ghcr.io/signalcoding/signal-sentinel-scanner:latest --help
Quick Start
# Auto-discover and scan all MCP configurations
sentinel-scan --discover
# Scan Agent Skills (auto-discover)
sentinel-scan --skills
# Scan both MCP and Skills
sentinel-scan --discover --skills
# Scan a specific skill directory
sentinel-scan --skills ~/.claude/skills/
# Scan a specific configuration file
sentinel-scan --config ~/.cursor/mcp.json
# Scan a remote MCP server (HTTP or WebSocket)
sentinel-scan --remote https://mcp.example.com/mcp
sentinel-scan --remote wss://mcp.example.com/ws
# Generate HTML report
sentinel-scan --discover --skills --format html --output report.html
# CI mode (exit code 1 on critical/high findings)
sentinel-scan --discover --skills --ci --format json
Output Formats
- Markdown (default): Human-readable report with emoji indicators
- JSON: Machine-readable for CI/CD integration
- HTML: Styled report with Signal Coding branding
Security Rules
21 security rules across MCP and Agent Skill scanning, aligned with OWASP Agentic AI Top 10 and OWASP MCP Top 10:
MCP Rules
| Rule | OWASP | Description |
|---|---|---|
| SS-001 | ASI01 | Tool Poisoning Detection |
| SS-002 | ASI02 | Overbroad Permissions Detection |
| SS-003 | ASI03 | Missing Authentication Detection |
| SS-004 | ASI04 | Supply Chain Vulnerability Detection |
| SS-005 | ASI05 | Code Execution Capability Detection |
| SS-006 | ASI06 | Memory/Context Write Access Detection |
| SS-007 | ASI07 | Inter-Agent Communication Detection |
| SS-008 | ASI09 | Sensitive Data Access Detection |
| SS-009 | ASI01 | Excessive Description Length |
| SS-010 | ASI02 | Cross-Server Attack Path Analysis |
| SS-019 | ASI03 | Credential Hygiene Check |
| SS-020 | ASI03 | OAuth 2.1 Compliance Check |
| SS-021 | ASI04 | Package Provenance Check |
Skill Rules
| Rule | OWASP | Description |
|---|---|---|
| SS-011 | ASI01 | Skill Prompt Injection Detection |
| SS-012 | ASI02 | Skill Scope Violation Detection |
| SS-013 | ASI03 | Skill Credential Access Detection |
| SS-014 | ASI09 | Skill Data Exfiltration Detection |
| SS-015 | ASI01 | Skill Obfuscation Detection |
| SS-016 | ASI05 | Skill Script Payload Detection |
| SS-017 | ASI02 | Skill Excessive Permissions Detection |
| SS-018 | ASI01 | Skill Hidden Content Detection |
Supported Platforms (Auto-Discovery)
| Platform | MCP Configs | Agent Skills |
|---|---|---|
| Claude Desktop | Yes | - |
| Claude Code | - | Yes |
| Cursor | Yes | Yes |
| VS Code | Yes | - |
| Windsurf | Yes | Yes |
| Zed | Yes | - |
| OpenAI Codex CLI | - | Yes |
Grading System
| Grade | Description |
|---|---|
| A | No critical/high findings, no attack paths |
| B | No critical findings, minor issues |
| C | 1-2 high findings or 1 attack path |
| D | Critical findings present |
| F | Multiple critical findings or attack paths |
Transports
| Transport | Status |
|---|---|
| stdio | Supported |
| HTTP/SSE | Supported |
| Streamable HTTP | Supported |
| WebSocket (ws/wss) | Supported |
Building from Source
Prerequisites
- .NET 10 SDK
- Git
Build
git clone https://github.com/SignalCoding/signal-sentinel-scanner.git
cd signal-sentinel-scanner
dotnet build
Test
dotnet test
Package
dotnet pack -c Release
Architecture
signal-sentinel/
src/
SignalSentinel.Core/ # Shared library (MCP protocol, security patterns, models)
SignalSentinel.Scanner/ # CLI scanner application
McpClient/ # MCP connection and enumeration
SkillParser/ # SKILL.md parser, script inventory, auto-discovery
Rules/ # MCP security rules (SS-001 to SS-010, SS-019 to SS-021)
SkillRules/ # Skill security rules (SS-011 to SS-018)
Scoring/ # OWASP dual mapping and severity scoring
Reports/ # JSON, Markdown, HTML report generators
tests/
SignalSentinel.Scanner.Tests/ # Unit and integration tests (120 tests)
deploy/
docker/ # Multi-arch Docker container
.github/
workflows/ # CI/CD pipelines
Contributing
See CONTRIBUTING.md for guidelines.
Security
See SECURITY.md for our security policy and responsible disclosure process.
License
Apache 2.0 - See LICENSE for details.
About Signal Coding Limited
Signal Coding Limited builds enterprise software engineering tools with defence-grade governance. Our products are built to MOD JSP 440/656 compliance and OWASP security standards.
Website: signalcoding.co.uk
Copyright 2026 Signal Coding Limited. All rights reserved.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
This package has no dependencies.
v2.1.0 - Enhanced Inline Code Block Scanning
- ENHANCED: SS-016 now scans markdown code blocks (bash, python, etc.) for malicious patterns
- ENHANCED: SS-016 detects hardcoded absolute user paths (/root/, /home/user/, C:\Users\) in code blocks
- ENHANCED: SS-012 detects inline code execution (python3 -c, bash -c, node -e) as scope violation
- These enhancements catch skills that embed executable commands in markdown code fences
v2.0.0 - Agent Skill Scanning + New MCP Rules
- NEW: Agent Skill scanning (SKILL.md format) with 8 dedicated rules (SS-011 to SS-018)
- NEW: Skill auto-discovery for Claude Code, Codex CLI, Cursor, Windsurf
- NEW: Bundled script analysis (.py, .sh, .ps1, .js, .ts)
- NEW: Credential Hygiene rule (SS-019) - detects hardcoded secrets in MCP configs
- NEW: OAuth 2.1 Compliance rule (SS-020) - verifies remote server authentication
- NEW: Package Provenance rule (SS-021) - checks npm/PyPI supply chain
- NEW: OWASP MCP Top 10 dual mapping alongside ASI01-ASI10
- NEW: Shared detection patterns (Exfiltration, Credential, Obfuscation)
- NEW: --skills CLI flag for skill scanning
- 21 total security rules (13 MCP + 8 Skill)
- Combined MCP + Skill unified reporting
v1.1.0 - WebSocket Transport Support
- Added WebSocket transport (ws:// and wss:// URLs)
- Auto-detection of transport from URL scheme
- Config file support for websocket transport type
v1.0.0 - Initial Release
- 10 security rules mapped to OWASP Agentic AI Top 10 (ASI01-ASI10)
- Auto-discovery for Claude Desktop, Cursor, VS Code, Windsurf, Zed
- A-F scoring system with OWASP compliance matrix
- JSON, Markdown, and HTML report generation
- CI mode with exit codes for automated pipelines