MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit

@LuciferForge

3 months ago

Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level findings.

概要ツールコメント

概要

Install

pip install mcp-security-audit

Tools

audit_repo — Scan a GitHub repository for vulnerabilities
audit_code — Scan a code snippet directly
list_patterns — List all 21 detection patterns

21 Patterns Across 5 Languages

Python (9), Java (3), Go (3), C++ (3), Rust (3)

Covers CRITICAL through LOW severity: eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.

Links

Playgroundで試す

サーバー設定

{
  "mcpServers": {
    "security-audit": {
      "command": "python",
      "args": [
        "-m",
        "mcp_security_audit"
      ],
      "env": {}
    }
  }
}

Build with ShipAny.