MCP.so
Sign In
M

MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit

@LuciferForge

About MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit

Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level

Basic information

Category

Developer Tools

Transports

stdio

Publisher

LuciferForge

Submitted by

g manju

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "security-audit": {
      "command": "python",
      "args": [
        "-m",
        "mcp_security_audit"
      ],
      "env": {}
    }
  }
}

Tools

3

Scan a GitHub repository for vulnerabilities

Scan a code snippet directly

List all 21 detection patterns

Overview

What is MCP Security Audit — AI/ML Vulnerability Scanner?

MCP Security Audit is an MCP server that scans code for security vulnerabilities. It inspects GitHub repositories or code snippets across five languages (Python, Java, Go, C++, Rust) using 21 detection patterns spanning critical to low severity issues. It is intended for developers and security teams who want to integrate vulnerability scanning into AI‑assisted workflows.

How to use MCP Security Audit — AI/ML Vulnerability Scanner?

Install via pip: pip install mcp-security-audit. Then use the server’s tools (audit_repo, audit_code, list_patterns) with any MCP‑compatible client. No additional configuration keys are required beyond standard MCP setup.

Key features of MCP Security Audit — AI/ML Vulnerability Scanner

  • Scans GitHub repositories and code snippets
  • Covers 21 detection patterns across 5 languages
  • Severity levels from CRITICAL through LOW
  • Detects eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets
  • Provides a list_patterns tool to enumerate all patterns

Use cases of MCP Security Audit — AI/ML Vulnerability Scanner

  • Scan a GitHub repository for vulnerabilities before merging a pull request
  • Check a code snippet for security issues during an AI chat session
  • Enumerate all supported detection patterns to understand scan coverage

FAQ from MCP Security Audit — AI/ML Vulnerability Scanner

How do I install the server?

Run pip install mcp-security-audit.

What tools does the server provide?

It provides three tools: audit_repo (scan a GitHub repo), audit_code (scan a code snippet), and list_patterns (list all 21 detection patterns).

Which languages and vulnerability patterns are supported?

Five languages are covered: Python (9 patterns), Java (3), Go (3), C++ (3), and Rust (3). The 21 patterns include eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.

What severity levels are included?

Patterns range from CRITICAL through LOW severity.

Where can I find more information or the source code?

The project is available on PyPI (pypi.org/project/mcp-security-audit) and GitHub (github.com/LuciferForge/mcp-security-audit).

Comments

More Developer Tools MCP servers