Inspiration
43%+ of MCP servers have vulnerabilities (https://www.prompthub.us/blog/mcp-security-in-2025). **If agents are going to call these servers, how do you trust them first?** Kintsu is our answer: a runtime audit that probes like a human, reports evidence, and issues a cert you can verify.
What it does
- Paste an MCP URL or GitHub repo → Kintsu connects as an MCP client.
- Runtime-only probes (SAFE-MCP–aligned) — no static code rules. We exercise tools with valid + adversarial inputs (e.g., unknown fields, wrong types, HTTP vs HTTPS, unauthenticated vs authenticated) and observe behavior.
- Clear report — findings mapped to SAFE-MCP techniques with request/response evidence, severity, and a risk score.
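A minimal sketch of the input-strictness probe described above, as an added example rather than Kintsu's own code: it derives unknown-field and wrong-type cases from a tool's JSON Schema and keeps request/response evidence whenever the tool's behavior differs from what its schema allows. The function bodies, the `call_tool` callable, the sample schema and the two stand-in tools are assumptions constructed for illustration; `isError` is the error flag of an MCP tool result.

```python
import copy

# Values that violate each JSON Schema primitive type.
WRONG_TYPE = {"string": 12345, "integer": "not-a-number", "number": "x",
              "boolean": "maybe", "array": "not-a-list", "object": "not-an-object"}

def build_cases(schema, valid_args):
    """Return (label, arguments, should_accept) probes derived from the schema."""
    cases = [("valid", valid_args, True)]
    extra = copy.deepcopy(valid_args)
    extra["__probe_unknown__"] = "x"
    # JSON Schema allows extra keys unless additionalProperties is false.
    cases.append(("unknown_field", extra, schema.get("additionalProperties", True) is not False))
    for name, spec in schema.get("properties", {}).items():
        bad = WRONG_TYPE.get(spec.get("type"))
        if name in valid_args and bad is not None:
            mutated = copy.deepcopy(valid_args)
            mutated[name] = bad
            cases.append((f"wrong_type:{name}", mutated, False))
    return cases

def probe_input_strictness(call_tool, schema, valid_args):
    """call_tool(args) returns an MCP-style tool result dict; a finding is
    recorded whenever acceptance differs from what the schema allows."""
    findings = []
    for label, args, should_accept in build_cases(schema, valid_args):
        result = call_tool(args)
        accepted = not result.get("isError", False)
        if accepted != should_accept:
            findings.append({"case": label, "request": args, "response": result})
    return findings

# Constructed sample schema and stand-in tools (not real servers).
SCHEMA = {"type": "object", "required": ["path"], "additionalProperties": False,
          "properties": {"path": {"type": "string"}, "limit": {"type": "integer"}}}
VALID = {"path": "README.md", "limit": 10}

def lax_tool(args):      # ignores its declared schema
    return {"isError": False, "content": [{"type": "text", "text": "ok"}]}

def strict_tool(args):   # rejects unknown keys and wrong types
    ok = (set(args) <= {"path", "limit"} and isinstance(args.get("path"), str)
          and isinstance(args.get("limit", 0), int))
    return {"isError": not ok, "content": [{"type": "text", "text": "ok" if ok else "invalid"}]}

if __name__ == "__main__":
    for f in probe_input_strictness(lax_tool, SCHEMA, VALID):
        print(f["case"], f["request"])
```

A rejected `valid` baseline also shows up as a finding, which signals that the remaining results for that tool are inconclusive.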
How we built it
- Agentic core (Claude Code) orchestrates: inspect → probe → score → report.
- Inspect any MCP by URL (Streamable HTTP/SSE) to enumerate tools/prompts/resources and their JSON Schemas.
- Runtime probes only (non-destructive). We never rely on SAST; all evidence comes from live interactions.
- Observability with HoneyHive — every step is traced so judges/devs can replay the run.
- Audit memory with Senso — we persist structured reports and generate clean certificate prose from facts.
- Discovery & docs assist via Bright Data MCP — find real MCP targets by topic and fetch doc snippets when the agent needs context.
Architecture (at a glance)
- FastAPI backend
- Agent (Claude Code) with a small tool registry: inspect_mcp, probe_input_strictness, probe_https_only, store_report, issue_certificate
- MCP client (HTTP/SSE) for remote servers
- HoneyHive for traces (run envelope + span per probe)
- Senso for report storage + certificate text/hosting
- Bright Data MCP for discovery + doc fetch (on demand)
Challenges we ran into
- more time
What we learned
- We solve a really big problem; we just need resources to start auditing any single public MCP with CI/CD.
What’s next
- Auto-Fix PRs (repos): propose minimal patches + a tiny repro script that flips failing→passing behavior.
- GitHub App (CI): run Kintsu on every PR, post a Check Run, and attach the signed certificate.
- More probes: output safety/encoding checks, rate-limit behavior, and schema drift detection.
Sponsor integrations (used today)
- Bright Data MCP — target discovery by topic + documentation snippets during analysis.
- HoneyHive — full run tracing with per-probe spans and simple eval flags.
- Senso — store structured reports; generate certificate prose; host JSON/PDF artifacts.
Built with
- Python, FastAPI
- Claude Code (agent orchestration)
- Model Context Protocol (remote MCP: Streamable HTTP/SSE)
- HoneyHive (observability)
- Senso.ai (report storage & certificate prose/hosting)
- Bright Data MCP (discovery & docs assist)
- Docker (sandbox), GitHub App (planned)
Built With
- agents
- ai
- fastapi
- love