Inspiration

43%+ of MCP servers have vulnerabilities (https://www.prompthub.us/blog/mcp-security-in-2025). If agents are going to call these servers, how do you trust them first? Kintsu is our answer: a runtime audit that probes like a human, reports evidence, and issues a cert you can verify.


What it does

  • Paste an MCP URL or GitHub repo → Kintsu connects as an MCP client.
  • Runtime-only probes (SAFE-MCP–aligned) — no static code rules. We exercise tools with valid + adversarial inputs (e.g., unknown fields, wrong types, HTTP vs HTTPS, unauthenticated vs authenticated) and observe behavior.
  • Clear report — findings mapped to SAFE-MCP techniques with request/response evidence, severity, and a risk score.
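
An input-strictness probe of the kind described above, as an added sketch that is not Kintsu's own code: it derives one valid call plus single-fault mutations (unknown field, wrong type, missing required field) from a tool's JSON Schema and records every invalid call the server accepts, with the request and response as evidence. `call_tool`, the two stand-in servers and the sample schema are assumptions constructed for the example; only string, integer and boolean properties are handled.

```python
# Constructed sample: one tool's inputSchema as an MCP server would list it.
SCHEMA = {
    "type": "object",
    "properties": {"path": {"type": "string"}, "limit": {"type": "integer"}},
    "required": ["path"],
    "additionalProperties": False,
}
VALID = {"string": "a", "integer": 1, "boolean": True}
WRONG = {"string": 12345, "integer": "not-a-number", "boolean": "yes"}

def build_cases(schema):
    """Return (label, arguments) pairs: a valid baseline, then one mutation each."""
    props = schema.get("properties", {})
    base = {name: VALID[spec["type"]] for name, spec in props.items()}
    cases = [("baseline", base)]
    if schema.get("additionalProperties") is False:
        cases.append(("unknown_field", {**base, "x_probe_unknown": "1"}))
    for name, spec in props.items():
        cases.append((f"wrong_type:{name}", {**base, name: WRONG[spec["type"]]}))
    for name in schema.get("required", []):
        cases.append((f"missing_required:{name}",
                      {k: v for k, v in base.items() if k != name}))
    return cases

def probe_strictness(schema, call_tool):
    """call_tool(arguments) is an assumed wrapper returning the tool result as a dict."""
    findings = []
    for label, args in build_cases(schema):
        result = call_tool(args)
        accepted = not result.get("isError", False)
        if label == "baseline" and not accepted:
            # If valid input fails, rejected mutations prove nothing about validation.
            return [{"probe": label, "verdict": "inconclusive",
                     "request": args, "response": result}]
        if label != "baseline" and accepted:
            findings.append({"probe": label, "verdict": "accepted_invalid_input",
                             "request": args, "response": result})
    return findings

def lax_server(arguments):     # constructed stand-in: never validates
    return {"isError": False, "content": [{"type": "text", "text": "ok"}]}

def strict_server(arguments):  # constructed stand-in: enforces SCHEMA by hand
    ok = (set(arguments) <= set(SCHEMA["properties"])
          and isinstance(arguments.get("path"), str)
          and isinstance(arguments.get("limit", 0), int))
    return {"isError": not ok, "content": []}

if __name__ == "__main__":
    for f in probe_strictness(SCHEMA, lax_server):
        print(f["probe"], f["request"])
```

Against a real server, `call_tool` would wrap the MCP client's tool call and map both tool-level and protocol-level errors to `isError`.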

How we built it

  • Agentic core (Claude Code) orchestrates: inspect → probe → score → report.
  • Inspect any MCP by URL (Streamable HTTP/SSE) to enumerate tools/prompts/resources and their JSON Schemas.
  • Runtime probes only (non-destructive). We never rely on SAST; all evidence comes from live interactions.
  • Observability with HoneyHive — every step is traced so judges/devs can replay the run.
  • Audit memory with Senso — we persist structured reports and generate clean certificate prose from facts.
  • Discovery & docs assist via Bright Data MCP — find real MCP targets by topic and fetch doc snippets when the agent needs context.

Architecture (at a glance)

  • FastAPI backend
  • Agent (Claude Code) with a small tool registry: inspect_mcp, probe_input_strictness, probe_https_only, store_report, issue_certificate
  • MCP client (HTTP/SSE) for remote servers
  • HoneyHive for traces (run envelope + span per probe)
  • Senso for report storage + certificate text/hosting
  • Bright Data MCP for discovery + doc fetch (on demand)

Challenges we ran into

  • Not enough time.

What we learned

  • We are solving a really big problem; we just need the resources to start auditing any public MCP server with CI/CD.

What’s next

  • Auto-Fix PRs (repos): propose minimal patches + a tiny repro script that flips failing→passing behavior.
  • GitHub App (CI): run Kintsu on every PR, post a Check Run, and attach the signed certificate.
  • More probes: output safety/encoding checks, rate-limit behavior, and schema drift detection.

Sponsor integrations (used today)

  • Bright Data MCP — target discovery by topic + documentation snippets during analysis.
  • HoneyHive — full run tracing with per-probe spans and simple eval flags.
  • Senso — store structured reports; generate certificate prose; host JSON/PDF artifacts.

Built with

  • Python, FastAPI
  • Claude Code (agent orchestration)
  • Model Context Protocol (remote MCP: Streamable HTTP/SSE)
  • HoneyHive (observability)
  • Senso.ai (report storage & certificate prose/hosting)
  • Bright Data MCP (discovery & docs assist)
  • Docker (sandbox), GitHub App (planned)
