mcp-audit

mcp-audit

A frontend security dependency auditing tool that identifies vulnerabilities in local and remote repositories using the Model Context Protocol. It provides detailed audit information like CVSS scores and dependency chains, generating standardized markdown reports.

Category
Visit Server

README

Cheen - mcp-audit

项目描述

基于MCP Server协议的前端安全依赖审计工具

工具支持本地工程和远程仓库,包含CVSS、CWE、依赖链等关键审计信息。

审计结果为标准化 markdown 文件

现在是MVP版本

🚀 后续可能支持

  • monorepo工程如何处理
  • 适配不同的仓库
  • 适配不同的本地环境
  • 图形展示依赖关系 ……

审查结果示例:

@cheen/project审计结果

您所审计的工程总共有 2 个风险漏洞。

其中:

  • 严重漏洞:共计 0
  • 高危漏洞:共计 0
  • 中危漏洞:共计 2
  • 低危漏洞:共计 0

说明:

  • 严重漏洞被认为是极其严重的,应该立即修复。
  • 高危漏洞被认为是严重的,应该尽快修复。
  • 中危漏洞被认为是中等严重的,可以选择在时间允许时修复。
  • 低危漏洞被认为是轻微的,可以根据自行需要进行修复。

下面是漏洞的详细信息

中危漏洞

共计 2

esbuild

漏洞描述

  • esbuild enables any website to send any requests to the development server and read the response
    • npm漏洞编号:1102341
    • 漏洞详细说明:https://github.com/advisories/GHSA-67mh-4wv8-2f99
    • 漏洞等级:中危
    • 受影响的版本:<=0.24.2

依赖关系

  • @cheen/project / vitest / vite-node / vite / esbuild

  • @cheen/project / vitest / vite / esbuild

漏洞包所在目录

  • node_modules/esbuild

vue-template-compiler

漏洞描述

  • vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
    • npm漏洞编号:1111772
    • 漏洞详细说明:https://github.com/advisories/GHSA-g3ch-rx76-35fx
    • 漏洞等级:中危
    • 受影响的版本:>=2.0.0 <3.0.0

依赖关系

  • @cheen/project / vue-tsc / @vue/language-core / vue-template-compiler

漏洞包所在目录

  • node_modules/vue-template-compiler

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured