MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
@LuciferForge
About MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"security-audit": {
"command": "python",
"args": [
"-m",
"mcp_security_audit"
],
"env": {}
}
}
}Tools
3Scan a GitHub repository for vulnerabilities
Scan a code snippet directly
List all 21 detection patterns
Overview
What is MCP Security Audit — AI/ML Vulnerability Scanner?
MCP Security Audit is an MCP server that scans code for security vulnerabilities. It inspects GitHub repositories or code snippets across five languages (Python, Java, Go, C++, Rust) using 21 detection patterns spanning critical to low severity issues. It is intended for developers and security teams who want to integrate vulnerability scanning into AI‑assisted workflows.
How to use MCP Security Audit — AI/ML Vulnerability Scanner?
Install via pip: pip install mcp-security-audit. Then use the server’s tools (audit_repo, audit_code, list_patterns) with any MCP‑compatible client. No additional configuration keys are required beyond standard MCP setup.
Key features of MCP Security Audit — AI/ML Vulnerability Scanner
- Scans GitHub repositories and code snippets
- Covers 21 detection patterns across 5 languages
- Severity levels from CRITICAL through LOW
- Detects eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets
- Provides a
list_patternstool to enumerate all patterns
Use cases of MCP Security Audit — AI/ML Vulnerability Scanner
- Scan a GitHub repository for vulnerabilities before merging a pull request
- Check a code snippet for security issues during an AI chat session
- Enumerate all supported detection patterns to understand scan coverage
FAQ from MCP Security Audit — AI/ML Vulnerability Scanner
How do I install the server?
Run pip install mcp-security-audit.
What tools does the server provide?
It provides three tools: audit_repo (scan a GitHub repo), audit_code (scan a code snippet), and list_patterns (list all 21 detection patterns).
Which languages and vulnerability patterns are supported?
Five languages are covered: Python (9 patterns), Java (3), Go (3), C++ (3), and Rust (3). The 21 patterns include eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.
What severity levels are included?
Patterns range from CRITICAL through LOW severity.
Where can I find more information or the source code?
The project is available on PyPI (pypi.org/project/mcp-security-audit) and GitHub (github.com/LuciferForge/mcp-security-audit).
More Developer Tools MCP servers
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
test
harlancA simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).🦀
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
DevDocs by CyberAGI 🚀
cyberagiincCompletely free, private, UI based Tech Documentation MCP server. Designed for coders and software developers in mind. Easily integrate into Cursor, Windsurf, Cline, Roo Code, Claude Desktop App
Comments