mcp-scan audits MCP servers for security flaws
mcp-scan is an open-source CLI that scans MCP configs across major clients before agents trust them. It flags secrets, typosquatting, malicious packages, prompt injection, bad permissions, transport issues, env leaks, and CVEs, with GitHub Actions and SARIF support for CI.
It shifts MCP security left by scanning the configuration before an agent trusts the server. Auto-detecting the configuration files where developers keep their MCP settings makes the scanner practical to run, and its 10 parallel scanners cover prompt injection, typosquatting, malicious packages, transport security, and dependency CVEs. SARIF output lets teams add a CI security gate without changing their existing workflow. The latest v1.0.2 release adds Gemini CLI and project-local config support.
Discovered: 2026-03-24
Published: 2026-03-24
Author: Github Awesome