Rogue MCP Inspection
Wallarm lets you audit every locally installed MCP server to expose supply-chain risks, excessive privileges, and unrestricted system access, giving you clear visibility into what AI agents can actually do in your environment.
Access via Postman
Rogue MCP Inspection is available through Rogue MCP Server Detection (Wallarm's MCP server), which is easily accessible via Postman. The scenario:
- In Postman, you add the Rogue MCP Server Detection server to your Workspace.
- With Postman's AI Agent, you ask it to inspect your local machine for rogue MCP.
- The agent spends 2 minutes learning your PC and responds with a report covering:
    - What can be misused by MCPs on your computer
    - How to fix that
This feature is free.
Requirements
- Postman Desktop Agent locally installed and running on your computer and connected to Postman - needed to run MCP inspection on your computer right from the Postman interface.
1. Add Wallarm's MCP server
- In Postman, access its AI Agent.
- In the AI Agent panel, click Configure ("gear"), and select Configure MCP servers.
- In the displayed MCP Servers tab, click Add ("plus") and do one of the following:
    - Select Rogue MCP Server Detection from the list of the featured MCP servers
    - Or just click Edit config and save the following to it:
No API key required for MCP inspection
Rogue MCP Inspection is free and does not require a WALLARM_API_TOKEN. The token is only needed for API Security Testing via Postman, which requires a paid subscription.
2. Ask to inspect for rogue MCP
With Wallarm's MCP server in place, tell Postman's AI Agent to check for rogue MCP. The check takes about a couple of minutes.
3. Learn the result
Postman's AI Agent responds with the test results and, if any security issues were found, suggested mitigation measures.
Other tools
Besides Rogue MCP Inspection, Rogue MCP Server Detection provides other tools for security testing, such as API Security Testing via Postman—safe, passive testing of Postman collections for auth gaps, data leaks, and design-level issues.