Every MCP server on your machine. Seen, graded, controlled.
AI gateways can't see what's configured on developer laptops. One open-source agent can: it finds every MCP server across Claude Code, Cursor, Windsurf, Copilot, and Gemini, flags the shadow servers nobody approved, and grades the machine A–F — in about 60 seconds.
No account, no signup. The scan runs locally and exits non-zero on high-risk findings — CI-friendly.
Sees the AI clients your team already runs
One agent · one vantage point
Gateways watch the network. This runs where the risk lives.
MCP servers are configured per-machine, per-client — invisible to any server-side gateway. The agent sits on the endpoint and does three jobs from one position.
See
Find every server, on every client
One command discovers every MCP server configured across Claude Code, Claude Desktop, Cursor, Windsurf, Copilot, and Gemini — including the shadow servers nobody approved — and grades the machine A–F against a risk-classified catalog.
Enforce
Early access
Policy at the edge, not in a proxy
Sentinel is a local guard that evaluates every tool call before it executes — allow, block, or require approval — with a full audit log on the machine. No traffic rerouted through anyone's cloud.
Save
Beta · measured
Know where your tokens go
TokenShield is a local proxy with a live ledger of your Claude API usage — every request, every model, real billed tokens. Optimization processors are in beta: savings are measured on your machine, never promised in a headline.
From zero visibility to governed — in three steps
Run the scan
One command, ~60 seconds, entirely local. It reads the MCP config locations of every AI client on the machine and checks each server against the risk-classified catalog.
Share the graded report
Get an A–F grade and an unlisted report URL — the artifact you paste in Slack or hand to your security lead. Only server names and risk flags are shared, never commands, env vars, or paths.
Govern with the agent
Install approved servers once and sync them across every client. Teams add an org-wide allowlist, fleet inventory, and audit-ready reporting on top.
npx -y @curatedmcp/auditor
Free and open source. No account. Exits non-zero on high-risk findings — drop it in CI.
For engineering orgs · the Team Plane
Shadow MCP is already in your org. See all of it at once.
Every developer laptop has its own MCP configs — and your gateway can't see any of them. The Team Plane aggregates what the agents see into one fleet-wide inventory, with an org allowlist and reporting your security lead can take into a SOC 2 review.
- Fleet-wide shadow-MCP inventory across every machine
- Org allowlist from a risk-classified catalog
- Audit-ready reporting — control plane here, data plane on your machines
- $29/seat/month · or a $7,500 60-day pilot, deployed for you
Go deeper
Server catalog
72+ MCP servers, each human-reviewed and risk-classified before listing.
State of MCP Security 2026
69% of popular MCP servers ask for a plaintext secret. The full research.
Docs & install guides
Setup guides for every server × client combination, plus security how-tos.
Playbooks & templates
Pre-built MCP stacks and team config templates for common workflows.
How many ungoverned MCP servers are on your machines right now?
One free command answers it in 60 seconds — locally, no account, no signup.
Rolling out across an org? See the Team Plane →