MCP scanner — DefenseClaw

Overview

MCP (Model Context Protocol) servers are long-lived processes that expose tools to the agent over stdio or HTTP. They're riskier than skills: a compromised MCP server can exfiltrate data, destroy filesystems, or inject prompts into every subsequent call. DefenseClaw manages MCP entries with defenseclaw mcp set / unset and scans them with defenseclaw mcp scan.

Configure it

defenseclaw setup mcp-scanner

Wizard questions:

1. Analyzer list (yara, api, llm, behavioral, readiness).
2. Unified LLM provider/model when the LLM analyzer is enabled.
3. Cisco AI Defense API analyzer settings when the API analyzer is enabled.
4. Whether to scan MCP prompts, resources, and server instructions.

Non-interactive:

defenseclaw setup mcp-scanner \
  --non-interactive \
  --analyzers yara,behavioral,readiness \
  --scan-prompts \
  --scan-resources \
  --scan-instructions

See the autogenerated setup command page for the full flag table.

Analyzers

Findings land in the audit store with scanner=mcp. EventScanFinding.rule_id matches the analyzer; tool_id records which declared tool is responsible.

Verify it worked

defenseclaw mcp scan my-mcp
defenseclaw tui     # watch scans arrive live

defenseclaw mcp scan accepts --json, --analyzers, --scan-prompts, --scan-resources, --scan-instructions, and --all for the current OpenClaw MCP config.

Undo

defenseclaw setup mcp-scanner --non-interactive --analyzers yara,readiness

Or edit config.yaml directly when you need a setting that is not exposed through the setup wizard, then restart defenseclaw-gateway.

Troubleshooting

Related

• Skill scanner
• Watcher
• Scanner pipeline
• Audit store