MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
@LuciferForge
关于 MCP Security Audit — AI/ML Vulnerability ScannerMcp Security Audit
Scan any GitHub repository for 21 AI/ML vulnerability patterns across Python, Java, Go, C++, and Rust. Detects eval injection, pickle deserialization, SSRF, command injection, SQL injection, unsafe YAML, hardcoded secrets, and more. Severity-weighted risk scoring with line-level
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"security-audit": {
"command": "python",
"args": [
"-m",
"mcp_security_audit"
],
"env": {}
}
}
}工具
3Scan a GitHub repository for vulnerabilities
Scan a code snippet directly
List all 21 detection patterns
概览
What is MCP Security Audit — AI/ML Vulnerability Scanner?
MCP Security Audit is an MCP server that scans code for security vulnerabilities. It inspects GitHub repositories or code snippets across five languages (Python, Java, Go, C++, Rust) using 21 detection patterns spanning critical to low severity issues. It is intended for developers and security teams who want to integrate vulnerability scanning into AI‑assisted workflows.
How to use MCP Security Audit — AI/ML Vulnerability Scanner?
Install via pip: pip install mcp-security-audit. Then use the server’s tools (audit_repo, audit_code, list_patterns) with any MCP‑compatible client. No additional configuration keys are required beyond standard MCP setup.
Key features of MCP Security Audit — AI/ML Vulnerability Scanner
- Scans GitHub repositories and code snippets
- Covers 21 detection patterns across 5 languages
- Severity levels from CRITICAL through LOW
- Detects eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets
- Provides a
list_patternstool to enumerate all patterns
Use cases of MCP Security Audit — AI/ML Vulnerability Scanner
- Scan a GitHub repository for vulnerabilities before merging a pull request
- Check a code snippet for security issues during an AI chat session
- Enumerate all supported detection patterns to understand scan coverage
FAQ from MCP Security Audit — AI/ML Vulnerability Scanner
How do I install the server?
Run pip install mcp-security-audit.
What tools does the server provide?
It provides three tools: audit_repo (scan a GitHub repo), audit_code (scan a code snippet), and list_patterns (list all 21 detection patterns).
Which languages and vulnerability patterns are supported?
Five languages are covered: Python (9 patterns), Java (3), Go (3), C++ (3), and Rust (3). The 21 patterns include eval/exec injection, deserialization attacks, command injection, SSRF, SQL injection, buffer overflow, format strings, unsafe blocks, and hardcoded secrets.
What severity levels are included?
Patterns range from CRITICAL through LOW severity.
Where can I find more information or the source code?
The project is available on PyPI (pypi.org/project/mcp-security-audit) and GitHub (github.com/LuciferForge/mcp-security-audit).
开发工具 分类下的更多 MCP 服务器
MCP Framework
QuantGeekDevThe Typescript MCP Framework

Sentry
modelcontextprotocolModel Context Protocol Servers
Burp Suite MCP Server Extension
PortSwiggerMCP Server for Burp
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
评论