mcp-zap-server (dtkmn)
Self-hosted OWASP ZAP MCP operator exposing guided web security scans, findings, reports, and production guardrails.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcp-zap-server (dtkmn), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.
Overview
mcp-zap-server gives AI agents a safe, self-hosted OWASP ZAP operator over streamable HTTP so they can run operator-controlled web security scans, retrieve findings, generate reports, and stay within production guardrails. It emphasizes controlled, guided scanning rather than unconstrained attacks. As a DAST control surface, its guardrails and scoping are the key security features.
Key features
- Self-hosted OWASP ZAP operator
- Guided scans with findings and reports
- Production guardrails
Use cases
- Agent-driven DAST scanning of a web app
- Generate ZAP findings and reports on demand