MCP Security Scans
@mcp-research
About MCP Security Scans
Research project by
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mcp-security-scans": {
"command": "python",
"args": [
"-m",
"venv",
".venv"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is MCP Security Scans?
MCP Security Scans is a Python script that automates forking repositories from the mcp-agents-ai/mcp-agents-hub and enabling GitHub Advanced Security (GHAS) features on the forks. It is designed for developers and security teams who want to centralize and secure MCP server configurations.
How to use MCP Security Scans?
Clone the repository, create a Python virtual environment, install dependencies from requirements.txt and requirements-dev.txt, set up a GitHub App with required permissions, then set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables. Run python -m src.process_mcp_repos to fork and enable security features; optionally use --target-org to specify a different target organization.
Key features of MCP Security Scans
- Supports loading MCP server configurations from multiple repository sources.
- Authenticates with GitHub using a GitHub App.
- Forks repositories into a specified target organization.
- Checks for existing forks before creating new ones.
- Enables Dependency Scanning, Security Fixes, Secret Scanning, and Code Scanning.
- Reports total repos processed and Dependabot configuration status.
Use cases of MCP Security Scans
- Automate centralizing MCP server repositories under a single organization.
- Enforce baseline security scanning on all forked MCP repositories.
- Identify which forks lack a Dependabot configuration for dependency updates.
- Integrate security compliance into an MCP repository management pipeline.
FAQ from MCP Security Scans
What dependencies are required?
Python 3, a virtual environment, and packages listed in requirements.txt and requirements-dev.txt.
How do I authenticate with GitHub?
You must create a GitHub App, grant it the necessary repository and organization permissions, install it on the target organization, and set the GH_APP_ID and GH_APP_PRIVATE_KEY environment variables.
What GitHub Advanced Security features does it enable?
It enables Dependency Scanning (Vulnerability Alerts), Automated Security Fixes, Secret Scanning, and Code Scanning with Default Setup (where supported).
Can I fork repositories into a different organization?
Yes, use the --target-org argument when running the script; the default organization is mcp-research.
How does the script handle already-forked repositories?
It checks if a fork already exists before attempting to create one, avoiding duplicate forks.
More Developer Tools MCP servers
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
MCP Inspector
modelcontextprotocolVisual testing tool for MCP servers
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
Huoshan Test
volcengineCode Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Comments