OtherTrust: 81/100

nova-proximity

A security scanner for MCP servers and Agent Skills using NOVA rules.

Generic MCP Client

Setup: MediumGitHub

quick verdict

nova-proximity is worth checking the docs before setup with strong trust signals. Check agent compatibility and use-case fit before adding it to your workflow.

best fit

Scan an MCP server to discover all available tools and prompts.
Audit a custom agent skill for security vulnerabilities before deployment.
Integrate into a CI/CD pipeline to automatically check MCP endpoints for risks.

watch out

The tool requires network access to scan remote MCP servers, which may expose internal endpoints if misconfigured.
Scanning third-party servers without permission may be considered unauthorized access.

install

How to install nova-proximity

quick start

gh repo view Nova-Hunting/nova-proximity --web

step 1

Open the official repository or website.

step 2

Check the README for package manager, auth, and platform requirements.

step 3

Try it in a small test task inside your agent workflow.

What does this tool actually do?

Nova Proximity scans MCP servers and agent skills to find tools, prompts, and resources. It checks for security issues like prompt injection and suspicious code patterns using NOVA rules. You can use it to analyze both HTTP endpoints and local skill files.

Deep Dive

Nova Proximity is a security scanner designed for MCP (Model Context Protocol) servers and Agent Skills. It discovers tools, prompts, and resources exposed by MCP servers and provides detailed analysis of their capabilities. The tool integrates NOVA security rules to detect potential vulnerabilities such as prompt injection, jailbreak attempts, and suspicious code patterns. It supports the MCP Spec 2025-11-25, including Streamable HTTP, session management, and tool annotations. Nova Proximity can scan HTTP endpoints, stdio commands, and local skill files, and generates JSON or Markdown reports. It also offers pattern-specific remediation guidance for each security finding.

trust and safety

Trust & Safety Score

high

Strong trust signals; still review the README and permissions before production use.

Activity95/100

Last commit was about 73 days ago.

Community65/100

295 GitHub stars indicate community interest.

Maintenance88/100

2 open issues signal maintenance load.

License90/100

GPL-3.0 license detected.

Use Cases

Scan an MCP server to discover all available tools and prompts.

Audit a custom agent skill for security vulnerabilities before deployment.

Integrate into a CI/CD pipeline to automatically check MCP endpoints for risks.

Generate a detailed security report for a third-party MCP server.

Evaluate the security posture of multiple agent skills in a repository.

Who Should Use It

Security researchers focusing on AI agent securityDevelopers building or integrating MCP serversDevOps engineers deploying agent-based systemsPenetration testers assessing AI infrastructure

Security and Trust Notes

The tool requires network access to scan remote MCP servers, which may expose internal endpoints if misconfigured.

Scanning third-party servers without permission may be considered unauthorized access.

295

Stars

Forks

Issues

GPL-3.0

License

internal links

Similar tools and tools that work well together

works with

Ollama

Run large language models locally with a simple CLI. Supports Llama, Mistral, Gemma, and 100+ models with one command.

OtherTrust: 90/100

works with

mem0

Universal memory layer for AI agents that enables personalized, context-aware interactions.

OtherTrust: 85/100

works with

hyperframes

An open-source framework to turn HTML, CSS, and animations into deterministic MP4 videos.

nova-proximity

How to install nova-proximity

What does this tool actually do?

Deep Dive

Trust & Safety Score

Use Cases

Who Should Use It

Tags

Security and Trust Notes

Similar tools and tools that work well together

Ollama

mem0

hyperframes

Sephera