# AI-Infra-Guard — Scan MCP Servers and AI Stacks

> AI-Infra-Guard runs a web UI + scanners that assess MCP servers, agent skills, and AI infra components for security risks, CVEs, and jailbreak exposure.

## Install

Save as a script file and run:

## Quick Use

1. Deploy with pre-built Docker images:

   ```bash
   git clone https://github.com/Tencent/AI-Infra-Guard.git
   cd AI-Infra-Guard
   docker-compose -f docker-compose.images.yml up -d
   ```

2. Open the UI:

   ```
   http://localhost:8088
   ```

3. (Alternative) One-click install script:

   ```bash
   curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash
   ```

## Intro

AI-Infra-Guard runs a web UI + scanners that assess MCP servers, agent skills, and AI infra components for security risks, CVEs, and jailbreak exposure.

- **Best for:** security reviews for AI agent stacks: MCP servers, skills, and local AI services
- **Works with:** Docker 20.10+, Docker Compose, local or staged environments (no public exposure recommended)
- **Setup time:** 30–90 minutes

## Practical Notes

- Data point: README lists baseline resources: 4GB+ RAM and 10GB+ disk.
- Data point: the default UI address is `http://localhost:8088`.

## Pattern: scan before you connect

For MCP servers and agent skills, scan *before* you wire them into your agent runtime:

- remote URL scan for third-party repos,
- source scan for internal forks,
- and keep an allowlist of approved servers.

## Deployment note

The README notes the project lacks an authentication mechanism and should not be deployed on public networks. Use a local/staging environment and restrict access.

### FAQ

**Q: Is it open-source?**
A: Yes. The repo is Apache-2.0 licensed.

**Q: Can it scan MCP servers?**
A: Yes. The README lists MCP server & agent skills scanning capabilities.

**Q: Is it safe to expose publicly?**
A: The README warns it lacks auth; keep it off public networks.
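The allowlist step of the "scan before you connect" pattern above, as an added example that is not part of this page or of the AI-Infra-Guard project: a small gate that reads an MCP client config in the common `mcpServers` shape, holds back remote servers that are not served over TLS, and only clears servers whose normalised identity has a passing scan record in the allowlist. The server names, hosts, packages and the allowlist record format are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample MCP client config in the common `mcpServers` shape.
# Server names, packages and hosts are hypothetical, not from the project.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "filesystem": {"command": "npx", "args": ["-y", "@example/fs-server"]},
        "remote-docs": {"url": "https://mcp.example.com/sse"},
        "untracked": {"url": "http://mcp.example.net/sse"},
        "new-tool": {"command": "uvx", "args": ["example-new-server"]},
    }
})

# Allowlist of servers that already passed a scan (constructed). Key is the
# identity from server_identity(); value records scan type and last result.
ALLOWLIST = {
    "cmd:npx @example/fs-server": {"scan": "source", "status": "pass"},
    "url:mcp.example.com": {"scan": "remote-url", "status": "pass"},
}


def server_identity(spec: dict) -> str:
    """Normalise a config entry to the key used in the allowlist."""
    if "url" in spec:
        return "url:" + urlparse(spec["url"]).hostname.lower()
    # First non-flag argument is the package/script the launcher runs.
    pkg = next((a for a in spec.get("args", []) if not a.startswith("-")), "")
    return f"cmd:{spec['command']} {pkg}".strip()


def gate_config(config_text: str, allowlist: dict) -> dict:
    """Split servers into cleared ones and held-back ones with a reason."""
    servers = json.loads(config_text).get("mcpServers", {})
    approved, blocked = [], {}
    for name, spec in servers.items():
        if "url" in spec and urlparse(spec["url"]).scheme != "https":
            blocked[name] = "remote server without TLS"
            continue
        entry = allowlist.get(server_identity(spec))
        if entry is None:
            blocked[name] = "not on allowlist: scan before connecting"
        elif entry["status"] != "pass":
            blocked[name] = f"last scan result was {entry['status']}"
        else:
            approved.append(name)
    return {"approved": approved, "blocked": blocked}


if __name__ == "__main__":
    print(json.dumps(gate_config(SAMPLE_CONFIG, ALLOWLIST), indent=2))
```

Run it against the exported client config before the agent runtime loads it; anything in `blocked` goes back through a remote URL or source scan first.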
## Source & Thanks

> Source: https://github.com/Tencent/AI-Infra-Guard
> License: Apache-2.0
> GitHub stars: 3,657 · forks: 363

---

Source: https://tokrepo.com/en/workflows/ai-infra-guard-scan-mcp-servers-and-ai-stacks
Author: Agent Toolkit