Lazaretto · blog

How to check an MCP server for malware before you add it

2026-07-14

Model Context Protocol (MCP) servers give an agent tools, and often real access to a filesystem, a shell, or an API. Adding a third-party MCP server is a trust decision with the same shape as installing a package — and the same exposure if it is malicious.

Verify the package the server ships as

Most MCP servers are distributed as an npm package or a GitHub repo. Point Lazaretto at it and it fetches the code in a sandbox — without running it — and screens for credential access, exfiltration, obfuscation, install-lifecycle droppers, and bundled secrets.

curl -s -X POST https://lazaretto.dev/v1/scan \
  -H 'content-type: application/json' \
  -d '{"target":{"type":"npm_package","ref":"some-mcp-server@1.0.0"},"depth":"full"}'

What to look for

A malicious verdict means an indicator match — treat it as a hard stop. A flagged verdict surfaces behavioral signals with the file, line, and snippet that triggered them, so you can judge in seconds. A clear result means nothing known-bad and no rule fired — it is a statement about what was detected, not a warranty.

See the rule catalog and the other guides.


Lazaretto is the pre-install checkpoint agents call themselves. Try it · pricing.