Analyze an MCP server manifest for security risk before install — destructive actions, over-broad scopes, sensitive-data egress, weak auth, prompt-injection surface, and permission diff. Returns per-tool, per-factor findings with severity, why, and a concrete fix (not just a score).