Rogue MCP Inspection¶
Wallarm allows you to audit every installed local MCP server to expose supply-chain risks, excessive privileges, and unrestricted system access to get clear visibility into what AI agents can actually do at your environment.
Access via Postman¶
You can access Rogue MCP Inspection via Wallarm Rogue MCP (Wallarm's MCP server), which is easily accessible via Postman. Scenario:
-
In Postman, you add the Wallarm Rogue MCP server to your Workspace.
-
With Postman's AI Agent, you just ask to inspect your local machine for the rogue MCP.
-
Agent spends 2 minutes learning your PC and responds with the report covering:
- This is what can be misused by MCPs on your computer
- This is how to fix that
This feature is free.
Requirements¶
- Postman Desktop Agent locally installed and running on your computer and connected to Postman - needed to run MCP inspection on your computer right from the Postman interface.
1. Add Wallarm's MCP server¶
-
In Postman, access its AI Agent.
-
In AI Agent panel, click Configure ("gear"), and select Configure MCP servers.
-
In displayed MCP Servers tab, click Add ("plus") and do one of the following:
- Select Wallarm Rogue MCP from the list of the featured MCP servers
-
Or just click Edit config and save the following to it:
WALLARM_API_TOKEN
WALLARM_API_TOKENis not required for the Rogue MCP Inspection but is needed for using the other tools of Wallarm's MCP server.
2. Ask to inspect for rogue MCP¶
With Wallarm's MCP server in place, tell Postman's AI Agent to check for rogue MCP. The check will take about couple of minutes.
3. Learn the result¶
Postman's AI Agent will give you an answer with the test results and suggested mitigation measures in case if any security issues were found.
Other tools¶
Besides Rogue MCP Inspection, Wallarm Rogue MCP provides other tools for security testing, such as API Security Testing via Postman—safe, passive testing of Postman collections for auth gaps, data leaks, and design-level issues.