MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
@LuciferForge
MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit について
Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"security-audit": {
"command": "python",
"args": [
"-m",
"mcp_security_audit"
],
"env": {}
}
}
}ツール
3Scan a GitHub repository for vulnerabilities
Scan a code snippet directly
List all 21 detection patterns
概要
What is MCP Security Audit — AI/ML Vulnerability Scanner?
MCP Security Audit is an MCP server that scans code for security vulnerabilities. It inspects GitHub repositories or code snippets across five languages (Python, Java, Go, C++, Rust) using 21 detection patterns spanning critical to low severity issues. It is intended for developers and security teams who want to integrate vulnerability scanning into AI‑assisted workflows.
How to use MCP Security Audit — AI/ML Vulnerability Scanner?
Install via pip: pip install mcp-security-audit. Then use the server’s tools (audit_repo, audit_code, list_patterns) with any MCP‑compatible client. No additional configuration keys are required beyond standard MCP setup.
Key features of MCP Security Audit — AI/ML Vulnerability Scanner
- Scans GitHub repositories and code snippets
- Covers 21 detection patterns across 5 languages
- Severity levels from CRITICAL through LOW
- Detects eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets
- Provides a
list_patternstool to enumerate all patterns
Use cases of MCP Security Audit — AI/ML Vulnerability Scanner
- Scan a GitHub repository for vulnerabilities before merging a pull request
- Check a code snippet for security issues during an AI chat session
- Enumerate all supported detection patterns to understand scan coverage
FAQ from MCP Security Audit — AI/ML Vulnerability Scanner
How do I install the server?
Run pip install mcp-security-audit.
What tools does the server provide?
It provides three tools: audit_repo (scan a GitHub repo), audit_code (scan a code snippet), and list_patterns (list all 21 detection patterns).
Which languages and vulnerability patterns are supported?
Five languages are covered: Python (9 patterns), Java (3), Go (3), C++ (3), and Rust (3). The 21 patterns include eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.
What severity levels are included?
Patterns range from CRITICAL through LOW severity.
Where can I find more information or the source code?
The project is available on PyPI (pypi.org/project/mcp-security-audit) and GitHub (github.com/LuciferForge/mcp-security-audit).
「開発者ツール」の他のコンテンツ
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
Grafana MCP server
grafanaMCP server for Grafana
JetBrains MCP Proxy Server
JetBrainsA model context protocol server to work with JetBrains IDEs: IntelliJ, PyCharm, WebStorm, etc. Also, works with Android Studio
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
コメント