OWASP MCP Top 10 Coverage
How MCPAmpel's 16 engines map to the OWASP MCP Top 10 security risks.
| Risk | ID | Coverage | Engines |
|---|---|---|---|
| Token Mismanagement | MCP01 | Strong | DetectSecrets, Gitleaks, Bandit |
| Privilege Escalation | MCP02 | Partial | Cisco Skill |
| Tool Poisoning | MCP03 | Partial | Custom YARA, MCP Guardian |
| Supply Chain Attacks | MCP04 | Strong | Trivy, OSV, Grype, PipAudit, ScanCode |
| Command Injection | MCP05 | Strong | Semgrep, Bandit, Cisco Skill |
| Prompt Injection | MCP06 | Partial | MCP Guardian, Custom YARA |
| Insufficient Auth | MCP07 | Partial | Semgrep, Checkov |
| Lack of Audit | MCP08 | Limited | Semgrep |
| Shadow MCP Servers | MCP09 | N/A | Runtime concern |
| Context Injection | MCP10 | Partial | MCP Guardian, Cisco Skill |
MCPAmpel addresses 9 of 10 OWASP MCP Top 10 risks, with strong coverage on 7 and partial coverage on 2. Only MCP09 (Shadow MCP Servers) is a runtime concern outside the scope of source code analysis.
Anthropic recommends: "Use MCP servers from providers you trust." MCPAmpel helps you verify which servers to trust.