MCP.so
ログイン
L

Laraguard Mcp

@ecr17dev

Laraguard Mcp について

概要はまだありません

基本情報

カテゴリ

その他

トランスポート

stdio

公開者

ecr17dev

投稿者

ecr17.dev

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "laraguard": {
      "command": "node",
      "args": [
        "/absolute/path/to/Laraguard MCP/dist/index.js"
      ],
      "env": {
        "MCP_BASE_PATHS": "/absolute/path/to/your-laravel-project"
      }
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Laraguard MCP?

Laraguard MCP is a security audit server for Laravel projects that implements the Model Context Protocol (MCP) using stdio transport. It performs static analysis, dependency CVE scanning, and live attack simulation without requiring Laravel to be running, returning structured JSON findings categorized by severity.

How to use Laraguard MCP?

Clone the repository, install dependencies with npm install, and optionally configure environment variables (e.g., MCP_BASE_PATHS). Then add a laraguard entry to your MCP client’s configuration (JSON block with command node pointing to dist/index.js, or npx tsx pointing to src/index.ts under development). Tools are invoked by sending tool calls like project_info, full_audit, or attack_simulate with a path and optional baseUrl.

Key features of Laraguard MCP

  • Static code scanning with 15+ rules covering SQL injection, RCE, hardcoded credentials, and LFI
  • Blade XSS scanner that detects unescaped output in templates
  • Route and middleware audit for missing auth, throttle, or CSRF exceptions
  • Dependency CVE feed querying the OSV.dev batch API for real vulnerabilities
  • Configuration audit inspecting .env and config/cors.php for critical misconfigurations
  • Active attack simulation firing live HTTP probes (SQLi, XSS, CSRF, auth bypass, rate limiting)

Use cases of Laraguard MCP

  • Pre-deployment security audit of Laravel codebases to catch vulnerabilities before production
  • Continuous integration pipeline integration to block risky commits automatically
  • Dependency vulnerability monitoring via composer.lock CVE lookups
  • Security researcher or penetration tester tool for automated Laravel reconnaissance

FAQ from Laraguard MCP

What runtime does Laraguard MCP require?

Node.js 20 or higher and npm 10 or higher are required. The server runs as a pure TypeScript process using @modelcontextprotocol/sdk.

Does Laraguard MCP send my project data to an external service?

Only the dependency_audit tool makes external HTTP requests to the OSV.dev API to query CVEs. All other tools operate entirely locally, and sensitive values are redacted before reaching the MCP client.

How do I configure which directories can be scanned?

Set the MCP_BASE_PATHS environment variable (comma-separated) or MCP_BASE_PATH (single path) in the MCP client’s env block. If neither is set, the current working directory is used.

Which MCP clients are supported?

Any MCP client that supports stdio transport, including Cursor, Claude Desktop, and VS Code MCP extensions. Configuration involves adding a laraguard entry under mcpServers in the client’s config file.

How does attack simulation work and what does it require?

The attack_simulate tool sends six live HTTP probes (SQL injection, XSS, CSRF, auth bypass, rate limiting, error disclosure) to a running Laravel app. It requires the baseUrl parameter pointing to a live server.

コメント

「その他」の他のコンテンツ