Skip to main content

Prerequisites

  • Python 3.11 or later
  • uv (recommended) or pip
  • An MCP server to test (or use the example below)

Install

pip install counteragent
CounterAgent is not yet published to PyPI. Use the git clone method for now.

Run your first scan

1

Pick a target server

You can scan any MCP server you have permission to test. This guide uses the official MCP memory server as an example. You don’t need to start the server manually — CounterAgent spawns it via the --command flag.Install the example target if you don’t have one:
npm install -g @modelcontextprotocol/server-memory
2

Run the scan

CounterAgent launches the server as a child process, connects over stdio, enumerates its tools and resources, then runs all 10 OWASP MCP Top 10 scanner modules against it.
counteragent audit scan \
  --transport stdio \
  --command "npx @modelcontextprotocol/server-memory"
3

Review the output

The CLI prints a live summary as it runs:
  • Connected — confirms the transport and server name
  • Scanners run — lists each module that executed
  • Findings — any security issues found, with severity, description, and remediation
  • Report saved — path to the full JSON report (default: results/scan.json)

Enumerate a server

Before a full scan, you can quickly check what a server exposes: 
counteragent audit enumerate \
  --transport stdio \
  --command "npx @modelcontextprotocol/server-memory"
This lists the server’s tools, resources, and prompts without running any security checks.

Check available scanners

counteragent audit list-checks
Prints a table of all scanner modules with their OWASP ID and status.

Next steps