Back to Browse
Free
Server data from the Official MCP Registry
Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.
About
Compliance & security scan for your app: secrets, exposed files, headers, privacy, AI-disclosure.
Remote endpoints: streamable-http: https://mcp.launchtrust.co/mcp
Security Report
6.2
Moderate6.2Moderate RiskLaunchTrust MCP is a well-designed remote compliance scanning server with proper authentication layering, good input validation, and appropriate CORS protections. Authentication is correctly scoped—free tools work without credentials, premium tools require Bearer tokens forwarded to the backend. No hardcoded secrets, malicious patterns, or dangerous operations detected. Minor code quality observations around error handling breadth do not materially impact security. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity).
7 files analyzed · 6 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
How to Install & Connect
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
Documentation
View on GitHubFrom the project's GitHub README.
LaunchTrust MCP
Run a compliance + security scan on your app — without leaving Claude Code.
LaunchTrust scans a public URL for the compliance and security gaps that get indie apps rejected or fined — leaked frontend API keys, exposed .env/.git, missing privacy/terms pages, absent security headers, undisclosed AI interactions, tracker/cookie issues — mapped to 39 jurisdictions (EU AI Act, GDPR, US state privacy laws, app-store policies).
It's a remote, hosted MCP server — nothing to install, build, or run. Add the URL and go.
⚖️ Compliance aid, not legal advice. Not a certification of compliance.
Install (Claude Code)
claude mcp add --transport http launchtrust https://mcp.launchtrust.co/mcp
Then ask Claude:
"Scan https://my-app.com for compliance and security issues."
Works in any MCP client that supports remote Streamable HTTP servers (Claude Code, Claude Desktop, …).
What the free scan checks
scan_url runs a focused, high-signal subset of detectors against any public URL — no account needed:
- 🔑 Leaked frontend API keys / secrets
- 📂 Exposed
.env/.git/ config files - 🛡️ Security headers (CSP, HSTS, X-Frame-Options, …) + HTTPS/HSTS
- 📄 Missing privacy / terms pages
- 🤖 Undisclosed AI interactions
- 🍪 Trackers / cookie-consent
The result is plain text, unsigned and not stored.
Tools
Free — no account
| Tool | Description |
|---|---|
scan_url | Quick compliance + security scan of any public URL. |
list_jurisdictions | Jurisdictions & categories covered (EU AI Act, GDPR, US states, app stores). |
get_compliance_rules | Sourced compliance rule snapshots, filterable by jurisdiction. |
verify_record | Independently verify the ES256 signature on a LaunchTrust signed record. |
Account — needs a token
The full version runs all 27 detectors across 39 jurisdictions, stores a signed, dated evidence record, and monitors continuously. Connect with your LaunchTrust token:
claude mcp add --transport http launchtrust https://mcp.launchtrust.co/mcp \
--header "Authorization: Bearer lt_pat_..."
| Tool | Description |
|---|---|
register_app | Register a web app to scan & monitor (idempotent). |
scan_app | Full 27-detector signed scan of a registered app. |
get_scan_history | Recent scans for an app. |
get_market_report | Findings annotated by your target-market jurisdictions. |
list_my_apps | Your registered apps + latest status. |
Get a token at launchtrust.co.
Use in other MCP clients
LaunchTrust is a standard remote (Streamable HTTP) MCP server — it works in any MCP-compatible client, not just Claude Code.
Codex CLI — add to ~/.codex/config.toml:
[mcp_servers.launchtrust]
url = "https://mcp.launchtrust.co/mcp"
Gemini CLI — add to ~/.gemini/settings.json:
{
"mcpServers": {
"launchtrust": { "httpUrl": "https://mcp.launchtrust.co/mcp" }
}
}
Cursor, Windsurf, and others — point them at the remote URL https://mcp.launchtrust.co/mcp (Streamable HTTP).
For the account-gated tools, pass your token as an Authorization: Bearer lt_pat_... header (Claude Code: --header; Codex: http_headers = { Authorization = "Bearer lt_pat_..." }; Gemini: "headers": { "Authorization": "Bearer lt_pat_..." }).
How it works
- Transport: stateless Streamable HTTP (MCP spec
2025-11-25) atPOST /mcp. - Privacy: the free scan stores nothing — it fetches your URL, runs detectors, returns findings. Premium scans store a signed record under your account only.
- Honesty: it never invents findings. Every result traces to what was actually on the page, and it reports mechanical signals (
detected/not_detected) — never a verdict of "compliant".
Links
- 🌐 Website — https://launchtrust.co
- ✅ Verify a signed record — https://launchtrust.co/verify
Development
Zero-dependency Cloudflare Worker; a thin client over the LaunchTrust API.
npm install
npm run typecheck
npm run dev # wrangler dev — POST http://localhost:8787/mcp
npm run deploy # wrangler deploy (custom domain in wrangler.toml)
LaunchTrust is a compliance aid, not legal advice, and is not a certification of compliance with any law.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Fetch
Freeby Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
80.0K
Stars
4
Installs
5.3
Security
No ratings yet
Local
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
6
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
524
Installs
8.0
Security
4.8
Local