MCP server configs for widely used tools like Claude Desktop, Cursor, and VS Code have become an active supply chain attack surface — as demonstrated by the MCPoison and ContextCrush incidents — and MCPConfigCheck provides the first dedicated, zero-install scanner for these files.