MCP.so
登录
L

Laraguard Mcp

@ecr17dev

关于 Laraguard Mcp

暂无概览

基本信息

分类

其他

传输方式

stdio

发布者

ecr17dev

提交者

ecr17.dev

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "laraguard": {
      "command": "node",
      "args": [
        "/absolute/path/to/Laraguard MCP/dist/index.js"
      ],
      "env": {
        "MCP_BASE_PATHS": "/absolute/path/to/your-laravel-project"
      }
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Laraguard MCP?

Laraguard MCP is a security audit server for Laravel projects that implements the Model Context Protocol (MCP) using stdio transport. It performs static analysis, dependency CVE scanning, and live attack simulation without requiring Laravel to be running, returning structured JSON findings categorized by severity.

How to use Laraguard MCP?

Clone the repository, install dependencies with npm install, and optionally configure environment variables (e.g., MCP_BASE_PATHS). Then add a laraguard entry to your MCP client’s configuration (JSON block with command node pointing to dist/index.js, or npx tsx pointing to src/index.ts under development). Tools are invoked by sending tool calls like project_info, full_audit, or attack_simulate with a path and optional baseUrl.

Key features of Laraguard MCP

  • Static code scanning with 15+ rules covering SQL injection, RCE, hardcoded credentials, and LFI
  • Blade XSS scanner that detects unescaped output in templates
  • Route and middleware audit for missing auth, throttle, or CSRF exceptions
  • Dependency CVE feed querying the OSV.dev batch API for real vulnerabilities
  • Configuration audit inspecting .env and config/cors.php for critical misconfigurations
  • Active attack simulation firing live HTTP probes (SQLi, XSS, CSRF, auth bypass, rate limiting)

Use cases of Laraguard MCP

  • Pre-deployment security audit of Laravel codebases to catch vulnerabilities before production
  • Continuous integration pipeline integration to block risky commits automatically
  • Dependency vulnerability monitoring via composer.lock CVE lookups
  • Security researcher or penetration tester tool for automated Laravel reconnaissance

FAQ from Laraguard MCP

What runtime does Laraguard MCP require?

Node.js 20 or higher and npm 10 or higher are required. The server runs as a pure TypeScript process using @modelcontextprotocol/sdk.

Does Laraguard MCP send my project data to an external service?

Only the dependency_audit tool makes external HTTP requests to the OSV.dev API to query CVEs. All other tools operate entirely locally, and sensitive values are redacted before reaching the MCP client.

How do I configure which directories can be scanned?

Set the MCP_BASE_PATHS environment variable (comma-separated) or MCP_BASE_PATH (single path) in the MCP client’s env block. If neither is set, the current working directory is used.

Which MCP clients are supported?

Any MCP client that supports stdio transport, including Cursor, Claude Desktop, and VS Code MCP extensions. Configuration involves adding a laraguard entry under mcpServers in the client’s config file.

How does attack simulation work and what does it require?

The attack_simulate tool sends six live HTTP probes (SQL injection, XSS, CSRF, auth bypass, rate limiting, error disclosure) to a running Laravel app. It requires the baseUrl parameter pointing to a live server.

评论

其他 分类下的更多 MCP 服务器