mcpserver-marketplace
Verified Safe by ModelContextProtocol-Security
Overview
A security evaluation framework and tooling for auditing MCP (Model Context Protocol) marketplaces, clients, and servers, aiming to proactively identify and address security risks in the MCP ecosystem.
Installation
python audit.py <url_to_audit>
Environment Variables
- GITHUB_TOKEN
Security Notes
This repository is a security auditing tool, not an MCP server for end-user interaction. Its purpose is to identify security risks in *other* MCP components. The source code itself appears well-structured, uses standard libraries, and handles secrets (like GitHub tokens) via environment variables or command-line arguments, which is good practice for such a tool. It uses `subprocess.run` to execute external tools like `curl`, `dig`, and `openssl`, which is appropriate for its auditing functions. No obvious 'eval' or malicious obfuscation patterns were found within its own codebase.
Similar Servers
awesome-mcp-security
This repository serves as a curated list of resources, including papers, videos, articles, tools, and servers, focusing on Model Context Protocol (MCP) security.
pentesting-mcp-servers-checklist
Provides a comprehensive checklist for security practitioners to pentest Model Context Protocol (MCP) servers and AI agents.
modelcontextprotocol-security.io
Provides comprehensive security guidance, best practices, and resources for hardening Model Context Protocol (MCP) deployments and AI agents.
MCP-Server-Vuln-Analysis
This project documents the analysis and discovery of severe vulnerabilities in Model Context Protocol (MCP) server implementations, including Server-Side Request Forgery (SSRF) and Path Traversal, and proposes responsible disclosure.