Your AI agents run MCP servers that can read files, execute commands, access databases, and send messages. Most are unsigned, unaudited, and invisible to your security tools.
The Model Context Protocol (MCP) lets AI agents connect to external servers that provide tools beyond built-in capabilities. A developer installs an MCP server and their AI agent gains the ability to run shell commands, query databases, process payments, or send messages on their behalf.
MCP servers are configured in JSON files scattered across your machine — in Claude Code settings, Cursor configs, Windsurf directories, and VS Code extensions. Each configuration grants new capabilities to the agent. Most organizations have no inventory of which MCP servers are installed, what they can do, or whether they have been tampered with.
Security teams face a supply chain problem: MCP servers are installed from npm, PyPI, or GitHub with no signing, no attestation, and no centralized visibility. A compromised or malicious MCP server has the same access as the AI agent itself.
OpenA2A CLI analyzes each MCP server configuration and surfaces its capabilities in plain language.
[shell-access] Can run commands on your computer
[database] Can read and modify databases
[payments] Can access payment systems
[messaging] Can send messages on your behalf
[filesystem] Can read files across your filesystem
[network] Can make network requests to external APIs
Discover, audit, and sign your MCP server configurations from the terminal.
Find every MCP server on your machine
$ opena2a detect
MCP Server Discovery
Scanning: project-local + machine-wide configurations
Claude Code 3 servers found
Cursor 1 server found
VS Code 2 servers found
Total: 6 MCP servers across 3 platforms
Server         Platform      Transport   Status
filesystem     Claude Code   stdio       Running
postgres-mcp   Claude Code   stdio       Running
stripe         Cursor        sse         Running
slack-bot      VS Code       stdio       Stopped
github-mcp     VS Code       stdio       Running
custom-tools   Claude Code   stdio       Running
Analyze capabilities and trust scores
$ opena2a mcp audit --registry
MCP Security Audit
Server: stripe
Platform: Cursor
Transport: sse
Capabilities detected:
[payments] Can access payment systems
[network] Can make network requests to external APIs
Registry Trust Score: 50/100
Signed: No
Last verified: Never
Recommendations:
- Sign this server with: opena2a mcp sign stripe
- Review payment scope permissions
- Enable transport encryption for SSE connections
Cryptographic identity for tamper detection
$ opena2a mcp sign stripe
MCP Server Signing
Server: stripe
Algorithm: Ed25519
Configuration hash: a3f8c2d1...
Signature: MCowBQYDK2Vw...
Attestation saved: ~/.opena2a/attestations/stripe.json
Next verification will detect any configuration changes.
Re-run 'opena2a mcp audit' to confirm signed status.
The --registry flag enriches your local scan results with community trust data from the OpenA2A registry. See how the broader community rates each MCP server.
Trust scores are computed from community reports, signing status, maintainer reputation, and vulnerability history.
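The signing step above records a configuration hash and an Ed25519 signature so that later changes to a server's configuration can be detected. The sketch below is an added example, not OpenA2A's code: the attestation fields, the sorted-key canonical form, and the sample server entry are assumptions constructed for illustration.

```javascript
// Added example. Field names and the canonical form are assumptions,
// not OpenA2A's attestation format.
const crypto = require('node:crypto');

// Serialize with sorted keys so key order and whitespace do not change the hash.
function canonicalJson(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalJson).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalJson(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

function configHash(entry) {
  return crypto.createHash('sha256').update(canonicalJson(entry)).digest('hex');
}

// Bind the server name to the hash so an attestation cannot be reused for another server.
function signServer(name, entry, privateKey) {
  const hash = configHash(entry);
  const signature = crypto.sign(null, Buffer.from(`${name}\n${hash}`), privateKey);
  return { server: name, algorithm: 'Ed25519', configHash: hash,
           signature: signature.toString('base64') };
}

// Returns 'ok', 'bad-signature' (attestation edited or wrong key) or 'config-changed'.
function verifyServer(name, entry, attestation, publicKey) {
  const signed = Buffer.from(`${name}\n${attestation.configHash}`);
  const sig = Buffer.from(String(attestation.signature), 'base64');
  if (!crypto.verify(null, signed, publicKey, sig)) return 'bad-signature';
  return configHash(entry) === attestation.configHash ? 'ok' : 'config-changed';
}

// Constructed sample entry in the command/args/env shape common in MCP client configs.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const original = { command: 'npx', args: ['-y', 'example-fs-server', '/home/dev/project'],
                   env: { LOG_LEVEL: 'info' } };
const attestation = signServer('filesystem', original, privateKey);

const reordered = { env: { LOG_LEVEL: 'info' }, args: original.args, command: 'npx' };
const widened = { ...original, args: ['-y', 'example-fs-server', '/'] }; // scope changed
const forged = { ...attestation, configHash: configHash(widened) };      // hash rewritten

console.log(verifyServer('filesystem', reordered, attestation, publicKey)); // ok
console.log(verifyServer('filesystem', widened, attestation, publicKey));   // config-changed
console.log(verifyServer('filesystem', widened, forged, publicKey));        // bad-signature
```

Verifying the signature before comparing hashes matters: without it, anyone who can edit the configuration can also rewrite the stored hash in the attestation file.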
Export MCP server inventories for compliance, asset management, and executive reporting.
Asset inventory for CMDB integration
opena2a detect --format csv > mcp-inventory.csv
Import into ServiceNow, Jira Assets, or any CMDB. Includes server name, platform, transport, capabilities, and trust score.
Executive summary for stakeholders
opena2a mcp audit --format html > report.html
Visual report with trust score distribution, unsigned server count, capability breakdown, and remediation priorities.
One command. No account required. See every MCP server across Claude Code, Cursor, Windsurf, and VS Code.
npx opena2a-cli detect --registry