mcp-audit
Verified Safe
by apisec-inc
Overview
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
Installation
vercel dev
Environment Variables
- GMAIL_USER
- GMAIL_APP_PASSWORD
- MCP_AUDIT_API_KEY
Security Notes
The server's primary function is to generate and email PDF reports of scan summaries. It follows good security practices by: (1) only transmitting scan *summary* data (counts, risk levels) to the backend, *never* actual secret values or raw configurations; (2) using environment variables for sensitive credentials (Gmail user/password, API key); (3) implementing an API key for its report endpoint; (4) using a client-side approach for GitHub scanning, ensuring user tokens remain in the browser; (5) verifying the integrity of its known MCP registry file with SHA-256. The code shows no signs of 'eval', obfuscation, or direct malicious patterns. The overall design prioritizes privacy and transparency.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
documcp
DocuMCP is an intelligent Model Context Protocol (MCP) server designed for automating documentation workflows, including analysis, generation, and deployment for GitHub Pages.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.