MCP Preflight
MCP Preflight brings the local static scan into the editor.
Use it to review MCP config, prompt text, tool descriptions, and repo manifests without leaving VS Code or Cursor.
The default scan is local and static. It does not connect to the server or execute tools.
Fast start
- Install MCP Preflight from the VS Code Marketplace or Open VSX.
- Open the workspace you want to review.
- Open MCP Preflight from the activity bar, or click the status item.
- Run a workspace scan or current-file scan.
- Review the findings in the sidebar, overview, and Problems panel.
Lite does not require an account, and the scan stays local.
What the extension adds
- a dedicated MCP Preflight sidebar
- workspace scan
- current-file scan
- Problems panel diagnostics
- readable fix guidance
- built-in license, review, and support actions
Commands
MCP Preflight: Open OverviewMCP Preflight: Open SidebarMCP Preflight: Scan WorkspaceMCP Preflight: Scan Current FileMCP Preflight: Show Fix RecipesMCP Preflight: Install Pro LicenseMCP Preflight: Show License StatusMCP Preflight: Show Local ActivityMCP Preflight: Upgrade to ProMCP Preflight: Leave a ReviewMCP Preflight: Get Help
What it reviews
- hardcoded secrets and private key material
- token passthrough and broad environment inheritance
- unsafe shell wrappers and ephemeral launchers
- unpinned dependencies and missing lockfiles
- prompt-injection and tool-poisoning indicators
- insecure transport, credential-bearing URLs, and sensitive remote targets
- broad filesystem or network scope in MCP launch arguments
- invalid MCP config and malformed suppression files
Lite and Pro
- Lite gives you the core static scan, local suppression files, and the editor workflow.
- Pro adds reports, CI mode, Git hooks, and policy presets.
- Pro stays local too. It is unlocked with a signed local license token.
Read more
| |
