Skip to content

Risk Scoring

dev-mondoshawan edited this page Jun 21, 2026 · 2 revisions

Risk Scoring

MCPShield calculates a risk score (0–100) for each discovered MCP server based on its configuration.

Risk Levels

Level Score Range Alert Generated?
Critical 85–100 Yes — immediate
High 60–84 Yes — immediate
Medium 30–59 No (score increase > 10 triggers one)
Low 0–29 No

Scoring Factors

Signal Weight Examples
Shell / command execution +35 bash, sh, exec, run_command
High-risk tool names +25 delete_file, drop_table, execute_query
Docker / container access +20 docker run, container tool names
Sensitive path access +20 /, C:\, /etc, /root
Database access +15 postgres, mysql, mongodb connection strings
Filesystem write tools +15 write_file, create_file, delete
Sensitive env var names +15 DATABASE_URL, POSTGRES_PASSWORD, API_KEY
Network / HTTP tools +10 fetch, http_request, outbound calls

Scores are capped at 100. Multiple signals stack.


Example Calculations

postgres-prod (Critical)

Shell access detected        +35
Sensitive env var (DB_URL)   +15
Database access pattern      +15
High-risk tool (execute_sql) +25
─────────────────────────────────
Total: 90  →  Critical

filesystem-home (High)

Filesystem write tools       +15
Sensitive path (/home)       +20
Network tools                +10
Sensitive env (HOME, PATH)   +15
─────────────────────────────────
Total: 60  →  High

github-api (Low)

Network / HTTP tools         +10
Sensitive env (GITHUB_TOKEN) +15
─────────────────────────────────
Total: 25  →  Low

Alert Rules

Alerts are generated automatically when:

  • A new server is discovered with risk score ≥ 60
  • An existing server's risk score increases by more than 10 points between scans

Customization

Scoring weights are defined in:

backend/app/utils/risk_scorer.py

Modify the weight constants there to tune sensitivity for your environment.

MCPShield Wiki

Getting Started

User Guide

Technical Reference

Clone this wiki locally