Injection Scanner

Injection Scanner

Scans MCP tool definitions for prompt injection patterns. It examines every string field — name, description, and parameter descriptions — against 10 categories of attack signatures including system overrides, data exfiltration, zero-width unicode hiding, HTML comment injection, tool shadowing, persona hijacking, and more.

100% client-side — your JSON never leaves the browser. Works offline. Results typically complete in under 5ms per tool.

Detection rules

The scanner checks for: system override phrases (ignore previous instructions), exfiltration commands (send data to external URL), zero-width unicode (hidden characters), HTML comment / script injection, tool shadowing (impersonation), persona hijack (admin elevation), secrecy instructions (do not tell the user), suspiciously long descriptions (>500 chars), Base64 blobs, and external URLs.

Each finding is rated Critical, High, Medium, or Low. The scanner deduplicates findings per rule per field.

Usage

Paste a tools[] array, a single tool object, or a full MCP server config. Click Scan (or Ctrl+Enter). The output shows per-tool cards with any findings, matched text, and the specific field where the pattern was found. Use the built-in examples to see clean, malicious, and risky tool profiles.