MCP Tool-Poisoning & Prompt-Injection Manifest Scanner

A tool's description is read by the model but rarely by the user — which makes it the ideal place to hide instructions. This scanner flags tool-poisoning and prompt-injection smells in a description or manifest: instruction overrides, hidden zero-width unicode, role-play framing, model-directed directives, tool-shadowing, and exfiltration hints. It maps to OWASP ASI01 — Agent Goal Hijack.

⚠ This is a heuristic signal generator, not a verdict. A flag means "a human should read this line," not "this is malicious." Legitimate descriptions can trip patterns; review in context.

Tool Poisoning OWASP ASI01 Zero PII Client-Side · No Network

Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. Pattern/heuristic scan only — flags are signals for human review, never proof of malice. Deterministic · zero PII · CC BY 4.0.

▸ Paste a tool description or manifest to scan

Paste the description text, a full tool definition, or a server manifest. A deliberately-poisoned example is pre-loaded.