| Version | Supported |
|---|---|
| 0.1.x | ✅ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security issue in MCTS itself:
- Email or DM the maintainers (update this with your contact when published)
- Include steps to reproduce and potential impact
- Allow up to 90 days for remediation before public disclosure
We appreciate responsible disclosure and will acknowledge reporters in the release notes when appropriate.
- MCTS CLI, libraries, GitHub Action, and official documentation
- Out of scope: vulnerabilities in third-party MCP servers scanned by MCTS (report those to the server maintainers)
MCTS is a security analysis tool. Only scan MCP servers you own or have explicit authorization to test.
- Live probing and fuzzing start subprocesses — see Live Scanning and Protocol Fuzzing for consent requirements
- CI usage: CI Integration
- REST API: set
MCTS_API_KEYfor production; see REST API threat model
HTML reports are self-contained files with embedded scan data and vendored chart assets. They do not transmit data to MCTS or third parties when you open the file in a browser.
mcts inventory discovers MCP configuration files in well-known locations
(Cursor, Claude Desktop, VS Code, Windsurf, Gemini, Codex, and others). This is
a read-only operation — no data is sent externally, no files are modified,
and environment variable values are not exported (only key names when parsing
configs).
To limit exposure on shared or sensitive machines:
--paths-only— list config file locations without parsing server details--config-path <file>— scope discovery to a single explicit file--redact-paths— replace home directory with~in inventory entry and skill paths in terminal output and default inventory JSON (-o inventory.json)
--redact-paths does not redact paths inside nested scan reports produced by
--scan-all. Treat exported inventory JSON like any config audit artifact.
In CI environments, ephemeral runners typically have no MCP configs and inventory will report zero entries.