MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
@LuciferForge
About MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"security-audit": {
"command": "python",
"args": [
"-m",
"mcp_security_audit"
],
"env": {}
}
}
}Tools
3Scan a GitHub repository for vulnerabilities
Scan a code snippet directly
List all 21 detection patterns
Overview
What is MCP Security Audit — AI/ML Vulnerability Scanner?
MCP Security Audit is an MCP server that scans code for security vulnerabilities. It inspects GitHub repositories or code snippets across five languages (Python, Java, Go, C++, Rust) using 21 detection patterns spanning critical to low severity issues. It is intended for developers and security teams who want to integrate vulnerability scanning into AI‑assisted workflows.
How to use MCP Security Audit — AI/ML Vulnerability Scanner?
Install via pip: pip install mcp-security-audit. Then use the server’s tools (audit_repo, audit_code, list_patterns) with any MCP‑compatible client. No additional configuration keys are required beyond standard MCP setup.
Key features of MCP Security Audit — AI/ML Vulnerability Scanner
- Scans GitHub repositories and code snippets
- Covers 21 detection patterns across 5 languages
- Severity levels from CRITICAL through LOW
- Detects eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets
- Provides a
list_patternstool to enumerate all patterns
Use cases of MCP Security Audit — AI/ML Vulnerability Scanner
- Scan a GitHub repository for vulnerabilities before merging a pull request
- Check a code snippet for security issues during an AI chat session
- Enumerate all supported detection patterns to understand scan coverage
FAQ from MCP Security Audit — AI/ML Vulnerability Scanner
How do I install the server?
Run pip install mcp-security-audit.
What tools does the server provide?
It provides three tools: audit_repo (scan a GitHub repo), audit_code (scan a code snippet), and list_patterns (list all 21 detection patterns).
Which languages and vulnerability patterns are supported?
Five languages are covered: Python (9 patterns), Java (3), Go (3), C++ (3), and Rust (3). The 21 patterns include eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.
What severity levels are included?
Patterns range from CRITICAL through LOW severity.
Where can I find more information or the source code?
The project is available on PyPI (pypi.org/project/mcp-security-audit) and GitHub (github.com/LuciferForge/mcp-security-audit).
More Developer Tools MCP servers
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents

Sentry
modelcontextprotocolModel Context Protocol Servers
Grafana MCP server
grafanaMCP server for Grafana
test
cloudwegoThe ultimate LLM/AI application development framework in Go.
Comments