External analysis server returning 500 Internal Server Error - preventing security scanning

[antigenius0910]

Problem

The mcp-scan tool is unable to perform security analysis due to 500 Internal Server Error responses from the external analysis server (invariantlabs.ai API). This affects both the official release and local builds.

Steps to Reproduce

1. Run mcp-scan on any MCP configuration file:

   uvx mcp-scan@latest --verbose [config-file-path]

2. Observe that all tools show: [X001]: could not reach analysis server Error: 500 - Internal Server Error

Expected Behavior

• Tools should be analyzed for security vulnerabilities
• Should receive security analysis results from the external API
• Tools should show security status (safe/vulnerable) instead of 500 errors

Actual Behavior

• All tools show X001 errors with "500 - Internal Server Error"
• No security analysis is performed
• Tool discovery works correctly, but vulnerability analysis fails

Environment

• mcp-scan version: v0.3.2 (latest)
• OS: macOS
• Configuration: Multiple MCP servers (Slack, Obsidian, GitHub, Serena)
• Total tools affected: 40+ tools across all servers

Additional Context

• Tool discovery and enumeration works perfectly
• The issue appears to be with the external analysis API endpoint
• Both --opt-out and regular modes show the same external API issues
• This prevents users from getting the core security analysis functionality

Impact

• Users cannot identify security vulnerabilities in their MCP configurations
• The primary security scanning functionality is unavailable
• Tool inventory works, but security analysis is completely blocked

[antigenius0910]

● Scanning /Users/yen/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json found 4 servers
│
├── github.com/korotovsky/slack-mcp-server
│   ├── resource Directory of Slack cha...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   ├── resource Directory of Slack users   [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   ├── tool     channels_list              [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   ├── tool     conversations_add_message  [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   ├── tool     conversations_history      [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   ├── tool     conversations_replies      [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   └── tool     conversations_search_m...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
├── github.com/smithery-ai/mcp-obsidian
│   ├── tool     read_notes                 [X001]: could not reach analysis server Error: 500 - Internal Server Error
│   └── tool     search_notes               [X001]: could not reach analysis server Error: 500 - Internal Server Error
├── github.com/github/github-mcp-server could not start server
└── serena
    ├── tool     restart_language_server    [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     read_file                  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     create_text_file           [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     list_dir                   [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     find_file                  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     get_symbols_overview       [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     find_symbol                [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     find_referencing_symbols   [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     replace_symbol_body        [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     insert_after_symbol        [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     insert_before_symbol       [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     replace_regex              [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     delete_lines               [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     replace_lines              [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     insert_at_line             [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     check_onboarding_perfo...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     onboarding                 [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     write_memory               [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     read_memory                [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     list_memories              [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     delete_memory              [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     think_about_collected_...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     think_about_task_adher...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     think_about_whether_yo...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     summarize_changes          [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     prepare_for_new_conver...  [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     search_for_pattern         [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     execute_shell_command      [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     activate_project           [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     remove_project             [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     switch_modes               [X001]: could not reach analysis server Error: 500 - Internal Server Error
    ├── tool     get_current_config         [X001]: could not reach analysis server Error: 500 - Internal Server Error
    └── tool     initial_instructions       [X001]: could not reach analysis server Error: 500 - Internal Server Error

[lbeurerkellner]

Thanks a lot for reporting. Can you run a scan as below for a potential fix?

uvx mcp-scan@latest --base-url https://preview-mcp.invariantlabs.ai

[antigenius0910]

@lbeurerkellner

It is very interesting. with

uvx mcp-scan@latest --base-url https://preview-mcp.invariantlabs.ai

I have 2 macbook and it works on one but not the other

 > time uvx mcp-scan@latest "/Users/yen.chuang/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" --base-url https://preview-mcp.invariantlabs.ai --opt-out
Installed 69 packages in 465ms
Invariant MCP-scan v0.3.3

● Scanning /Users/yen.chuang/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json found 10 servers
│
├── github.com/modelcontextprotocol/servers/tree/main/src/gitlab
│   ├── tool     search_repositories        [X001]: could not reach analysis server Error: 500 - Internal Server Error

vs

> time uvx mcp-scan@latest "/Users/yen/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" --base-url https://preview-mcp.invariantlabs.ai --opt-out
Installed 69 packages in 120ms
Invariant MCP-scan v0.3.3

● Scanning /Users/yen/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json found 4 servers
│
├── github.com/korotovsky/slack-mcp-server
│   ├── resource Directory of Slack cha... ✅
│   ├── resource Directory of Slack users  ✅
│   ├── tool     channels_list             ✅
│   ├── tool     conversations_add_message ✅
│   ├── tool     conversations_history     ✅
│   ├── tool     conversations_replies     ✅
│   └── tool     conversations_search_m... ✅
├── github.com/smithery-ai/mcp-obsidian
│   ├── tool     read_notes                ✅
│   └── tool     search_notes              ✅
├── github.com/github/github-mcp-server could not start server
└── serena
    ├── tool     restart_language_server   ✅
    ├── tool     list_dir                  ⚠️  [W001]: Tool description contains dangerous words that could be used for prompt injection

[bramstes]

I observe the same issue on a Linux Debian (trivy/testing).
Only getting the [X001]: could not reach analysis server Error: 500 - Internal Server Error.
Both with and without the suggested base-url.
Not sure it's related but in verbose mode it see errors with the tool not finding Prompts and Resources for certain servers followed by and McpError: Method not found. There aren't any prompts or resources in these servers only tools.

Regards.

[dillonius01]

I'm also seeing the same issue consistently where all tool analysis returns:

[X001]: could not reach analysis server Error: 500 - Internal Server Error

Running uvx mcp-scan@latest inspect does properly list the tools and descriptions of the MCP server I'm trying to analyze. I'll also note that the --verbose flag is failing on current latest (v0.3.8) with this error:

AttributeError: module 'rich' has no attribute 'Console'. Did you mean: 'console'?

Running on v0.3.1 allowed me to get verbose logging working.