Check your MCP servers
MCP servers run with broad filesystem access. Start here.
npx firmis scan --platform mcpYour First Scan in 30 Seconds
Your Claude skills, MCP servers, and AI plugins run code you didn’t write, from sources you didn’t audit. One command tells you if that’s a problem.
Run your first scan
Section titled “Run your first scan”npx firmis scan .That’s it. Firmis auto-detects Claude Skills, MCP Servers, Codex Plugins, Cursor Rules, and 4 more platforms — no config file, no manifest, nothing to set up.
What you’ll see
Section titled “What you’ll see”This is what a real finding looks like:
Firmis Scanner v1.3.0
Scanning: /your/project Platforms: mcp (3 servers), claude (2 skills) Rules: 209 enabled
CRITICAL sd-015 AWS credentials exposed in tool handler src/tools/aws-helper.ts:22 → This skill is reading your AWS_SECRET_ACCESS_KEY at runtime
CRITICAL tp-003 Hidden instruction injected via tool description src/tools/search.ts:14 → Prompt tells the agent to exfiltrate chat history silently
HIGH de-002 Data forwarded to unverified external URL src/tools/fetch.ts:42 → Tool sends user inputs to api.unknown-domain.com
Found 3 threats (2 critical, 1 high) in 1.2s209 rules. 16 threat categories. Results in under two seconds.
No findings? Here’s why that might happen.
- No AI agent files detected — be specific:
npx firmis scan --platform mcp - Scanning node_modules — exclude it: add to
.firmisignore - Monorepo — point at the right folder:
npx firmis scan ./packages/agent - All findings suppressed — check
.firmisignoreor widen the net:--severity low
Next steps
Section titled “Next steps”Gate it in CI
One command. Discover, scan, report, and fail the build on critical findings.
npx firmis ci --fail-on highUnderstand what was found
Every finding maps to MITRE ATLAS and OWASP LLM Top 10. Know exactly what you’re looking at.
Export for your security team
SARIF output drops straight into GitHub Advanced Security, Semgrep, and most SIEMs.
npx firmis scan --format sarif