Disclaimer
Effective Date: 2025-01-01
Last Updated: 2025-01-01
This Disclaimer ("Disclaimer") applies to your use of the MCPhacker security scanning platform, website, APIs, and all related services (collectively, the "Service") operated by MCPhacker ("we," "us," "our," or "MCPhacker").
By accessing or using the Service, you acknowledge that you have read, understood, and agree to this Disclaimer. This Disclaimer is incorporated into and subject to our Terms of Service.
1. Security Tool Disclaimer
1.1 No Guarantee of Complete Security
MCPhacker is an automated security scanning tool designed to assist in identifying potential vulnerabilities in MCP (Model Context Protocol) servers. The Service does not and cannot guarantee the detection of all vulnerabilities, security weaknesses, or threats present in any system, server, application, or endpoint that is scanned.
Security vulnerabilities are diverse, evolving, and context-dependent. No automated scanning tool, including MCPhacker, is capable of detecting every possible vulnerability type, configuration issue, logical flaw, or security weakness. The absence of reported vulnerabilities in Scan Results does not mean that the scanned system is secure, free of vulnerabilities, or compliant with any security standard or regulation.
1.2 Inherent Limitations of Automated Scanning
Automated security scanning has inherent limitations, including but not limited to:
- Scope Limitations: The Service tests for a defined set of vulnerability categories and attack vectors. Vulnerabilities outside of this scope, including novel or zero-day vulnerabilities, custom application logic flaws, business logic vulnerabilities, and complex multi-step attack chains, may not be detected.
- Environmental Factors: Scan results may vary based on network conditions, server configuration, load, timing, rate limiting by the target, firewall rules, and other environmental factors that are outside of MCPhacker's control.
- Protocol-Specific Constraints: The Service is designed for MCP servers and their associated protocols. The effectiveness of scans depends on the MCP implementation, version, configuration, and available attack surface of the target.
- Time-Point Assessment: A scan represents a point-in-time assessment. Security posture can change at any moment due to configuration changes, software updates, new vulnerability disclosures, or emerging attack techniques.
1.3 Not a Substitute for Comprehensive Security
The Service is intended to supplement, not replace, comprehensive security measures. A robust security program should include, but not be limited to:
- Professional manual penetration testing by qualified security professionals.
- Code review and static analysis.
- Continuous security monitoring and incident response.
- Security architecture review.
- Employee security awareness training.
- Compliance audits and assessments.
- Regular vulnerability management and patching.
2. Zero-Knowledge Architecture Disclaimer
2.1 Encrypted Scan Data
MCPhacker is designed with a zero-knowledge architecture. All sensitive scan data, including scan targets, scan configurations, scan results, and vulnerability findings, is encrypted client-side in your browser before transmission to our servers. MCPhacker stores only encrypted blobs and does not have access to your encryption passphrase or the ability to decrypt your scan data.
2.2 Platform Cannot Verify Scan Content
Due to the zero-knowledge architecture, MCPhacker cannot and does not monitor, inspect, verify, or have access to the content of your scans. This means:
- We cannot verify the legitimacy or authorization status of your scan targets.
- We cannot review or validate the accuracy of scan results.
- We cannot determine whether scans are being used for authorized security testing or malicious purposes.
- We cannot moderate or filter scan content for compliance with laws, regulations, or our policies.
- We cannot provide technical support that requires inspection of your scan data.
2.3 No Responsibility for Encrypted Content
MCPhacker shall not be held responsible or liable for:
- The content, nature, or purpose of scans conducted through the Service, as we do not have access to this information.
- Unauthorized or illegal scanning activities conducted by users, as we cannot detect or prevent such activities due to encryption.
- The accuracy, completeness, or reliability of encrypted scan results, as we cannot inspect or verify them.
- Any actions taken by users based on scan results, as we do not have visibility into those results.
- Any misuse of the Service for unauthorized security testing or malicious purposes, as such misuse cannot be detected through our zero-knowledge architecture.
2.4 User Sole Responsibility
You are solely responsible for the content of your scans, the authorization status of your scan targets, and your compliance with all applicable laws and regulations. The zero-knowledge architecture enhances your privacy but also places complete responsibility on you for the lawful and ethical use of the Service.
2.5 Passphrase Loss and Data Inaccessibility
MCPhacker cannot recover or reset your encryption passphrase. If you forget your passphrase:
- All of your encrypted scan data will become permanently inaccessible.
- We cannot decrypt your data or provide access to it.
- We cannot reset or recover your passphrase through any technical or administrative means.
- You acknowledge that this data loss is permanent and irreversible.
MCPhacker shall not be liable for any data loss, business interruption, or other damages resulting from forgotten or lost encryption passphrases.
3. No Professional Security Advice
3.1 Tool, Not Advisor
MCPhacker provides a security scanning tool. The Service does not provide professional security advice, consulting, or recommendations tailored to your specific situation, business requirements, regulatory obligations, or risk tolerance.
Scan Results, vulnerability ratings, severity assessments, and remediation suggestions generated by the Service are produced through automated processes and should be treated as informational starting points for further investigation, not as definitive professional security advice.
3.2 No Professional Relationship
Your use of the Service does not create a professional advisor-client relationship, consultant-client relationship, or any fiduciary relationship between you and MCPhacker. MCPhacker does not owe you any professional duty of care beyond the terms of the Terms of Service.
3.3 Consult Qualified Professionals
For security decisions with significant implications for your organization, systems, data, or regulatory compliance, you should consult with qualified cybersecurity professionals, legal counsel, and compliance experts who can assess your specific circumstances and provide tailored advice.
4. Results Accuracy
4.1 Best-Effort Analysis
Scan Results are generated on a best-effort basis using automated scanning techniques and algorithms. While we strive to provide accurate and useful results, we make no representations or warranties regarding the accuracy, completeness, reliability, or timeliness of any Scan Results.
4.2 False Positives
Scan Results may include false positives -- reports of vulnerabilities that do not actually exist or do not pose a real security risk in the context of the scanned system. False positives can occur due to:
- Misinterpretation of server responses.
- Overly broad detection rules.
- Unusual but benign server configurations.
- Network intermediaries (proxies, load balancers, WAFs) that modify responses.
- Differences between the testing methodology and actual exploitability.
4.3 False Negatives
Scan Results may contain false negatives -- failures to detect vulnerabilities that actually exist. False negatives can occur due to:
- Vulnerabilities outside the scope of the Service's detection capabilities.
- Server-side protections that mask or mitigate vulnerabilities during scanning.
- Rate limiting or blocking by the target server that prevents complete testing.
- Complex vulnerabilities that require manual testing or specific conditions to detect.
- Novel vulnerability types not yet included in the scanning engine.
- Timing-dependent or race-condition vulnerabilities.
- Authentication-specific vulnerabilities that require deeper access levels.
4.4 Severity Ratings
Vulnerability severity ratings (e.g., Critical, High, Medium, Low, Informational) are assigned based on automated analysis and industry frameworks. These ratings are general assessments and may not accurately reflect the actual risk or impact of a vulnerability in the specific context of your system, environment, or organization. Factors such as compensating controls, network architecture, data sensitivity, and business context can significantly affect the real-world risk of a given vulnerability.
4.5 User Responsibility to Validate
You are solely responsible for independently validating all Scan Results, including verifying the existence of reported vulnerabilities, assessing their actual severity and impact in your specific context, and determining appropriate remediation actions. MCPhacker is not responsible for any actions you take or fail to take based on Scan Results.
5. Third-Party AI Disclaimer
5.1 AI-Generated Analysis
The Service utilizes third-party artificial intelligence models (accessed via the OpenRouter API) to analyze scan data and generate vulnerability insights, security assessments, and remediation suggestions. This AI-generated analysis is provided for informational purposes only.
5.2 Limitations of AI Analysis
AI-generated analysis is subject to the following limitations:
- Accuracy: AI models may produce incorrect, incomplete, misleading, or fabricated ("hallucinated") information. AI-generated vulnerability descriptions, severity assessments, and remediation suggestions should be independently verified by qualified personnel.
- Context Understanding: AI models may lack sufficient context about your specific system, environment, business requirements, or security posture to provide fully accurate or relevant analysis.
- Model Variability: The AI models used for analysis may change over time as providers update their models. This may result in different analysis outputs for the same scan data at different times.
- Bias and Limitations: AI models may reflect biases present in their training data or have limitations in their understanding of certain vulnerability types, protocols, or technologies.
- Not Professional Advice: AI-generated analysis does not constitute professional security advice and should not be relied upon as the sole basis for security decisions.
5.3 Third-Party Processing — IMPORTANT
AI analysis is an optional feature that is disabled by default. By explicitly enabling AI analysis for a scan, you acknowledge and consent to the following:
- Scan data (including target URLs, scan findings, and vulnerability details) is transmitted in plaintext to third-party AI model providers (via OpenRouter) for analysis. This transmission occurs before client-side encryption.
- MCPhacker uses a preset configuration on OpenRouter, meaning your data may be routed to various large language model (LLM) providers selected by OpenRouter. MCPhacker does not control which specific AI model processes your data.
- MCPhacker does not control how these third-party providers process, store, retain, or use your data during or after the analysis phase.
- Once data is transmitted to third-party AI providers, MCPhacker cannot guarantee its deletion, confidentiality, or security as it is outside our infrastructure and control.
- If you are concerned about data privacy, do not enable AI analysis. The core scanning engine operates entirely locally without transmitting data to any third party. Only the optional AI analysis feature involves third-party data sharing.
By enabling AI analysis, you accept full responsibility for any consequences arising from the transmission of your scan data to third-party AI services. MCPhacker is not liable for any data breach, unauthorized access, data retention, or misuse of data by third-party AI providers.
Please refer to our Privacy Policy for more information about third-party data sharing.
5.4 Recommendation
For maximum privacy, MCPhacker recommends using the scanner without AI analysis enabled. The core scanning engine provides comprehensive vulnerability detection across 60+ attack vectors without transmitting any data to third parties. AI analysis is an enhancement, not a requirement.
5.5 Legal Framework and Governing Law for AI Data Sharing
The provisions of this Section 5 regarding third-party AI data processing are governed by and shall be construed in accordance with the laws of the State of Delaware, United States of America, and applicable federal law, including but not limited to:
- Section 230 of the Communications Decency Act (47 U.S.C. § 230): MCPhacker acts as a platform that facilitates access to third-party AI services. Pursuant to Section 230, MCPhacker shall not be treated as the publisher or speaker of any AI-generated content produced by third-party AI model providers. MCPhacker is not liable for the outputs, errors, omissions, or actions of third-party AI services accessed through the Service.
- Federal Trade Commission Act (15 U.S.C. § 45): MCPhacker provides clear and conspicuous disclosure of its AI data sharing practices in this Disclaimer, its Privacy Policy, and through in-app consent mechanisms. By explicitly enabling AI analysis after receiving these disclosures, you provide informed consent to the transmission of your scan data to third-party AI providers.
- Stored Communications Act (18 U.S.C. § 2701 et seq.): You acknowledge that by voluntarily enabling AI analysis, you are providing lawful consent to the disclosure of your scan data to third-party AI service providers for the purpose of analysis. This consent satisfies the requirements of the Stored Communications Act regarding disclosure of electronic communications.
- Delaware Uniform Electronic Transactions Act (6 Del. C. § 12A-101 et seq.): Your electronic consent to AI data sharing, provided through the in-app toggle mechanism, constitutes a valid and enforceable agreement under Delaware law.
By enabling AI analysis, you acknowledge that you have been fully informed of the data sharing implications, that you are providing consent voluntarily, and that this consent is governed by the laws of the State of Delaware and applicable United States federal law. Any dispute arising from AI data processing shall be subject to the jurisdiction and dispute resolution provisions set forth in our Terms of Service.
MCPhacker reserves all rights and defenses available under United States federal and state law, including but not limited to the protections afforded by Section 230 of the Communications Decency Act, with respect to any claims arising from the use of third-party AI services.
5.6 No Endorsement
MCPhacker's use of third-party AI models does not constitute an endorsement of those models, their providers, or the accuracy of their outputs.
6. User Responsibility
6.1 Independent Verification
You acknowledge and agree that you are solely responsible for:
- Independently verifying all Scan Results, including both the existence of reported vulnerabilities and the absence of unreported vulnerabilities.
- Assessing the actual risk and impact of any identified vulnerabilities in the context of your specific systems and environment.
- Determining whether and how to remediate any identified vulnerabilities.
- Ensuring that any remediation actions you take are appropriate, effective, and do not introduce new issues.
- Maintaining the overall security posture of your systems, regardless of Scan Results.
6.2 Decision Making
All decisions regarding your security posture, vulnerability remediation, system configuration, and risk management are your responsibility. MCPhacker provides information through the Service, but acting on that information is entirely your choice and responsibility. You should exercise your own judgment and, where appropriate, seek professional advice before making security decisions based on Scan Results.
6.3 Authorization and Compliance
You are solely responsible for ensuring that:
- You have proper authorization to scan all Scan Targets.
- Your use of the Service complies with all applicable laws and regulations.
- Your use of Scan Results complies with all applicable laws, regulations, and contractual obligations.
- You follow responsible disclosure practices if you discover vulnerabilities in systems owned by third parties (even if you have authorization to scan them).
7. No Liability for Damages from Scan Results
7.1 Actions Based on Scan Results
MCPhacker shall not be liable for any damages, losses, costs, or expenses arising from or related to:
- Actions you take based on Scan Results, including remediation efforts, system changes, or configuration modifications.
- Actions you fail to take based on Scan Results, including failure to remediate reported vulnerabilities.
- Decisions made in reliance on AI-generated analysis or recommendations.
- Security incidents that occur despite having performed scans using the Service.
- Business interruptions, data loss, or system outages resulting from remediation actions taken based on Scan Results.
7.2 Impact on Scan Targets
MCPhacker shall not be liable for any impact that security scanning may have on Scan Targets, including but not limited to:
- Temporary performance degradation or increased latency on the Scan Target.
- Log file entries, alerts, or notifications generated on the Scan Target as a result of the scan.
- Any unintended side effects of security testing payloads sent to the Scan Target.
- Triggering of security monitoring, intrusion detection, or incident response processes on the Scan Target.
You acknowledge that security scanning inherently involves sending test requests to the Scan Target, which may have observable effects on the target system. It is your responsibility to understand and accept these potential impacts before initiating a scan.
8. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MCPHACKER, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, LICENSORS, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM:
- YOUR USE OF OR INABILITY TO USE THE SERVICE.
- ANY SCAN RESULTS OR AI-GENERATED ANALYSIS PROVIDED BY THE SERVICE.
- UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA.
- STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON THE SERVICE.
- ANY SECURITY BREACH OR INCIDENT THAT OCCURS DESPITE YOUR USE OF THE SERVICE.
- ANY OTHER MATTER RELATED TO THE SERVICE.
THIS LIMITATION APPLIES REGARDLESS OF THE THEORY OF LIABILITY, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT MCPHACKER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
MCPHACKER'S TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU PAID TO MCPHACKER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100.00).
9. External Links Disclaimer
9.1 Third-Party Links
The Service may contain links to third-party websites, resources, or services that are not owned or controlled by MCPhacker. These links are provided for your convenience and informational purposes only.
9.2 No Endorsement
The inclusion of any link to a third-party website does not imply endorsement, approval, or recommendation by MCPhacker of that website, its content, its operators, or any products or services offered through it.
9.3 No Responsibility
MCPhacker has no control over, and assumes no responsibility for, the content, privacy policies, practices, security, or availability of any third-party websites or resources. You access third-party websites at your own risk and subject to the terms and conditions of those websites.
9.4 Vulnerability Information Links
Scan Results may include references or links to external vulnerability databases, security advisories, CVE entries, or other security-related resources. These references are provided for informational purposes to help you understand identified vulnerabilities. MCPhacker does not guarantee the accuracy, completeness, or continued availability of information at these external resources.
10. No Endorsement of Scan Targets
10.1 Neutral Tool
MCPhacker is a neutral security scanning tool. The inclusion of any MCP server, URL, endpoint, or system as a Scan Target does not constitute:
- An endorsement or approval of that system by MCPhacker.
- A representation by MCPhacker that the system is legitimate, safe, or trustworthy.
- A certification or validation of the security posture of that system.
- Any affiliation, partnership, or relationship between MCPhacker and the operators of that system.
10.2 No Verification of Targets
MCPhacker does not and cannot verify the legitimacy, ownership, or authorization status of Scan Targets submitted by users. Due to our zero-knowledge architecture, we do not have access to scan target information. The Service processes encrypted scan requests as submitted. Any representation regarding ownership or authorization is made solely by the user who submits the scan request, and we have no ability to verify such representations.
10.3 No Security Certification
A completed scan and resulting Scan Results do not constitute a security certification, seal of approval, compliance verification, or any other form of security endorsement. MCPhacker does not certify, endorse, or vouch for the security of any scanned system.
11. Availability and Service Interruptions
11.1 No Uptime Guarantee
MCPhacker does not guarantee that the Service will be available at all times or that the Service will be uninterrupted, error-free, or free from defects. The Service may be temporarily unavailable due to scheduled maintenance, unscheduled outages, technical issues, or factors beyond our control.
11.2 Service Modifications
MCPhacker reserves the right to modify, suspend, or discontinue the Service, or any part thereof, at any time with or without notice. MCPhacker shall not be liable to you or any third party for any modification, suspension, or discontinuation of the Service.
12. Indemnification
By using the Service and relying on Scan Results, AI-generated analysis, or any other output of the Service, you agree to indemnify and hold harmless MCPhacker from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to your reliance on, use of, or actions based on the Service's outputs.
13. Changes to This Disclaimer
MCPhacker reserves the right to update or modify this Disclaimer at any time. If we make material changes, we will:
- Post the updated Disclaimer on the Service with a revised "Last Updated" date.
- Notify you via the email address associated with your Account.
Material changes will be effective thirty (30) days after notification. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Disclaimer.
14. Severability
If any provision of this Disclaimer is held to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be enforced to the maximum extent permissible, and the remaining provisions shall remain in full force and effect.
15. Governing Law
This Disclaimer shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without regard to its conflict of law provisions, consistent with the governing law provisions of our Terms of Service.
16. Contact Information
If you have any questions about this Disclaimer, please contact us:
- Email: legal@mcphacker.com
- Website: https://mcphacker.com
This Disclaimer was last updated on 2025-01-01.