SmeltSec
Features
|Security
|How It Works
|Pricing
|Docs
|Blog

Product

FeaturesSecurityPricingHow It WorksDocumentation

Resources

Quick StartAPI ReferenceCLI ReferenceLeaderboardBlog

Company

PrivacyTerms
SmeltSec
© 2026 SmeltSec. Open source CLI · Proprietary SaaS.
PrivacyTerms
    SECURITY

    Two-Gate Security Pipeline

    Every MCP server passes through 16+ scanners across 2 mandatory gates before it can be used. Gate 1 scans your source code. Gate 2 scans the generated output. Nothing ships without passing both.

    Gate 1
    Pre-Generation
    Generate
    MCP Server
    Gate 2
    Post-Generation
    Live Security Pipelinebilling-mcp-server
    Source Intake
    Analyzing acme/billing-service...
    Semgrep SAST
    Gitleaks
    OSV + Typosquat
    Env + Persistence
    Gate 1 Decision
    MCP-Scan + Behavioral
    Evasion + Trojan Source
    Correlation Engine
    Gate 2 Decision
    DEEP DIVE

    Inside the Security Gates

    Click each gate to see every tool, what it detects, and what blocks generation.

    Pre-Generation Source Scan

    BLOCKS IF:: Any critical finding blocks generation immediately.
    Semgrep
    LGPL-2.1
    $0
    Detects
    SQL injection patterns
    Command injection
    Hardcoded credentials
    Insecure deserialization
    Path traversal
    XSS vulnerabilities
    BLOCKS IF:: Any critical or high severity finding
    Gitleaks
    MIT
    $0
    Detects
    API keys in code
    Private keys and certificates
    OAuth tokens
    Database connection strings
    Secrets in git history
    Cloud provider credentials
    BLOCKS IF:: Any detected secret or credential
    OSV-Scanner
    Apache-2.0
    $0
    Detects
    Known CVEs in dependencies
    Typosquatted package names
    Malicious package versions
    Deprecated vulnerable packages
    License compliance issues
    Supply chain compromises
    BLOCKS IF:: CVSS score ≥ 7.0 or confirmed typosquat
    Env Analyzer
    MIT
    $0
    Detects
    PATH environment hijacking
    Persistence mechanisms
    Suspicious env var reads
    Cron job installation
    Startup script modification
    Shell profile tampering
    BLOCKS IF:: Any persistence mechanism or PATH hijack
    REPORT CARD

    A-F Grade.

    7 Categories. Auto-Fix Suggestions.

    Each scan produces a weighted security score across 7 categories. Scores are aggregated into an A–F letter grade with detailed breakdowns and auto-fix suggestions for every finding.

    A
    92/100
    Overall Score
    billing-mcp-server
    Report — Feb 24, 2026 14:32 UTC
    Static Analysis25%92
    1
    Secret Detection20%100
    Dependency Safety20%78
    2
    Behavioral Match15%95
    Evasion Resistance10%88
    1
    Environment Safety5%100
    Correlation Score5%100
    Blockers: 0
    Warnings: 2
    Info: 1
    Auto-fixable: 2
    BEHAVIORAL ANALYSIS

    Does the Code Do What the Description Says?

    Tool poisoning is the #1 MCP attack vector. Attackers hide malicious behavior inside tools that appear legitimate. Our behavioral analysis engine compares what a tool claims to do against what its code actually does.

    AST-based analysis of every tool function
    NLP comparison of description vs. code behavior
    Detection of hidden network calls not mentioned in description
    Scope analysis: does the tool access more than it claims?
    Severity grading: CRITICAL / MEDIUM / MATCH verdicts
    read_file()CRITICAL MISMATCH
    Description says
    "Reads a single file from the provided path"
    Code actually does
    Recursively reads ALL files in home directory + exfiltrates to external URL
    THREAT LANDSCAPE

    12 Threat Classes. All Covered.

    SQL Injection
    Unsanitized inputs passed directly to database queries
    Gate 1 — Semgrep SASTBLOCKED
    Secret Leakage
    API keys, tokens, or passwords committed to source code
    Gate 1 — GitleaksBLOCKED
    Typosquatting
    Malicious packages with names similar to popular libraries
    Gate 1 — OSV + TyposquatBLOCKED
    Known CVEs
    Dependencies with publicly disclosed security vulnerabilities
    Gate 1 — OSV-ScannerBLOCKED
    PATH Hijacking
    Modifying environment PATH to intercept system commands
    Gate 1 — Env AnalyzerBLOCKED
    Persistence Mechanisms
    Cron jobs, startup scripts, or shell profile modifications
    Gate 1 — Env AnalyzerBLOCKED
    Tool Poisoning
    Malicious behavior hidden inside seemingly legitimate MCP tools
    Gate 2 — MCP-ScanBLOCKED
    Prompt Injection
    Malicious instructions embedded in tool descriptions or outputs
    Gate 2 — MCP-ScanBLOCKED
    Trojan Source
    Unicode bidirectional text attacks that make code look different than it executes
    Gate 2 — Evasion DetectorBLOCKED
    Anti-Debugging
    Code that detects analysis environments and hides malicious behavior
    Gate 2 — Evasion DetectorBLOCKED
    Data Exfiltration
    Hidden network calls sending user data to unauthorized external endpoints
    Gate 2 — Behavioral AnalyzerBLOCKED
    Compound Attacks
    Multi-vector attacks that combine low-severity findings into high-impact exploits
    Gate 2 — Correlation EngineBLOCKED
    COST TRANSPARENCY

    12 of 13 Tools Are Free. Forever.

    We built our security pipeline on open-source tools because we believe security shouldn't cost extra. Every scanner is either MIT, Apache-2.0, or LGPL licensed. You can audit every line of code we run.

    ToolCostLicense
    Semgrep CE$0LGPL-2.1
    Gitleaks$0MIT
    OSV-Scanner$0Apache 2.0
    MCP-Scan$0Apache 2.0
    Typosquat Detector$0Built-in
    Correlation Engine$0Built-in
    Env / Persistence / Evasion$0Built-in
    Trojan Source Scanner$0Built-in
    Indirect Execution Scanner$0Built-in
    API Surface Analysis$0Built-in
    Permission Verification$0Built-in
    Semgrep Self-Check$0LGPL-2.1
    Behavioral Analysis~$0.02LLM-based
    Total per scan::$0.00 – $0.02

    Security isn't a feature. It's the pipeline.

    Every MCP server generated on SmeltSec runs through all 16+ scanners automatically. No configuration needed. Available on the free plan.