Laraguard Mcp
@ecr17dev
Laraguard Mcp について
概要はまだありません
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"laraguard": {
"command": "node",
"args": [
"/absolute/path/to/Laraguard MCP/dist/index.js"
],
"env": {
"MCP_BASE_PATHS": "/absolute/path/to/your-laravel-project"
}
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Laraguard MCP?
Laraguard MCP is a security audit server for Laravel projects that implements the Model Context Protocol (MCP) using stdio transport. It performs static analysis, dependency CVE scanning, and live attack simulation without requiring Laravel to be running, returning structured JSON findings categorized by severity.
How to use Laraguard MCP?
Clone the repository, install dependencies with npm install, and optionally configure environment variables (e.g., MCP_BASE_PATHS). Then add a laraguard entry to your MCP client’s configuration (JSON block with command node pointing to dist/index.js, or npx tsx pointing to src/index.ts under development). Tools are invoked by sending tool calls like project_info, full_audit, or attack_simulate with a path and optional baseUrl.
Key features of Laraguard MCP
- Static code scanning with 15+ rules covering SQL injection, RCE, hardcoded credentials, and LFI
- Blade XSS scanner that detects unescaped output in templates
- Route and middleware audit for missing auth, throttle, or CSRF exceptions
- Dependency CVE feed querying the OSV.dev batch API for real vulnerabilities
- Configuration audit inspecting
.envandconfig/cors.phpfor critical misconfigurations - Active attack simulation firing live HTTP probes (SQLi, XSS, CSRF, auth bypass, rate limiting)
Use cases of Laraguard MCP
- Pre-deployment security audit of Laravel codebases to catch vulnerabilities before production
- Continuous integration pipeline integration to block risky commits automatically
- Dependency vulnerability monitoring via
composer.lockCVE lookups - Security researcher or penetration tester tool for automated Laravel reconnaissance
FAQ from Laraguard MCP
What runtime does Laraguard MCP require?
Node.js 20 or higher and npm 10 or higher are required. The server runs as a pure TypeScript process using @modelcontextprotocol/sdk.
Does Laraguard MCP send my project data to an external service?
Only the dependency_audit tool makes external HTTP requests to the OSV.dev API to query CVEs. All other tools operate entirely locally, and sensitive values are redacted before reaching the MCP client.
How do I configure which directories can be scanned?
Set the MCP_BASE_PATHS environment variable (comma-separated) or MCP_BASE_PATH (single path) in the MCP client’s env block. If neither is set, the current working directory is used.
Which MCP clients are supported?
Any MCP client that supports stdio transport, including Cursor, Claude Desktop, and VS Code MCP extensions. Configuration involves adding a laraguard entry under mcpServers in the client’s config file.
How does attack simulation work and what does it require?
The attack_simulate tool sends six live HTTP probes (SQL injection, XSS, CSRF, auth bypass, rate limiting, error disclosure) to a running Laravel app. It requires the baseUrl parameter pointing to a live server.
「その他」の他のコンテンツ
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
Blender
ahujasidOpen-source MCP to use Blender with any LLM
ICSS
chokcoco不止于 CSS
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Awesome Mlops
visengerA curated list of references for MLOps
コメント