Endpoint hostname is reachable from the public internet
Authored by Stanley Hong · AgentReserve (founder).
The MCP endpoint hostname is not `localhost`, a loopback address, a private/link-local IP range, or a *.local / *.internal / *.intranet / *.lan name. Internal-only hostnames in a published MCP URL usually indicate a misconfigured deployment.
When this rule runs
Evaluated on every scan — observable from the URL, TLS handshake, or HTTP response headers, even when the MCP layer is auth-walled or unresponsive.
Why it matters
An MCP URL pointing at a private hostname is at best a misconfiguration (the server isn't reachable to the listed audience) and at worst a sign of careless deployment hygiene worth investigating before trusting the surface.
Pass condition
Endpoint hostname does not match localhost, loopback, RFC 1918 private ranges, link-local, or .local / .internal / .intranet / .lan.
Fail condition
Endpoint hostname is localhost, a loopback, private (RFC 1918), or link-local IP address, or has a private-network TLD suffix.
Evidence examples
When the rule fails, the report records evidence in roughly this shape:
{"hostname": "internal.local", "reason": "private-tld"}
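As an added illustration, not AgentReserve's own scanner code, the following Python check classifies a hostname the way the pass and fail conditions above describe and returns evidence in the shape shown. Only the `private-tld` reason string appears on this page; `localhost`, `loopback`, `link-local`, `private-ip` and `unparseable-host` are assumed names, and the standard library's `is_private` also covers a few reserved ranges beyond RFC 1918.

```python
import ipaddress
from urllib.parse import urlsplit

# Private-network suffixes named by the rule text.
PRIVATE_TLDS = (".local", ".internal", ".intranet", ".lan")


def classify_hostname(hostname: str):
    """Return None when the hostname passes the rule, otherwise a reason string."""
    host = hostname.rstrip(".").lower()
    if host == "localhost":
        return "localhost"
    # URL parsers may leave IPv6 brackets in place; strip them before parsing.
    bare = host[1:-1] if host.startswith("[") and host.endswith("]") else host
    try:
        ip = ipaddress.ip_address(bare)
    except ValueError:
        ip = None  # not an IP literal, fall through to the name-based checks
    if ip is not None:
        # Order matters: 127/8 and 169.254/16 are also "private" to the stdlib,
        # so report the more specific reason first.
        if ip.is_loopback:
            return "loopback"
        if ip.is_link_local:
            return "link-local"
        if ip.is_private:  # RFC 1918 for v4, plus ULA and a few reserved blocks
            return "private-ip"
        return None
    if host.endswith(PRIVATE_TLDS):
        return "private-tld"
    return None


def evaluate(mcp_url: str):
    """Evaluate the rule on a published MCP URL.

    Returns None on pass, or an evidence dict shaped like the report's
    {"hostname": ..., "reason": ...} record on fail.
    """
    hostname = urlsplit(mcp_url).hostname  # lower-cased, brackets removed
    if not hostname:
        # Assumed reason name: a URL without a usable host cannot pass.
        return {"hostname": hostname, "reason": "unparseable-host"}
    reason = classify_hostname(hostname)
    return None if reason is None else {"hostname": hostname, "reason": reason}
```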
Remediation
Publish the MCP endpoint under a public hostname with a valid TLS certificate. If the deployment really is meant to be internal, do not list it on a public registry.
Methodology
This rule belongs to the Endpoint hygiene dimension, which covers properties of the URL itself: whether the host is intended for public use, whether secrets appear in the URL, and other observable URL-level signals.
Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.