MCP ConfigsMay 12, 2026·3 min read

mcp-audit — Scan MCP Configs for Secrets & Shadow APIs

Audit MCP server configs and source trees to find exposed secrets, risky endpoints, and model access. Outputs JSON/CSV/SARIF/CycloneDX AI-BOM for CI gates.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 27/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Pip
Trust
Trust: Established
Entrypoint
pip install mcp-audit && mcp-audit --help
Safe staging command
npx -y tokrepo@latest install 67ac2a2b-e81c-50f9-bb30-0943e7df8787 --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

mcp-audit is a security-focused CLI that inventories MCP configurations and can optionally analyze MCP server source code, so teams can understand what their agents can access before shipping.

Best for: Security reviews for agent toolchains, CI compliance, and MCP governance

Works with: Local repos/paths; JSON/CSV/SARIF/CycloneDX outputs; CLI-first workflows

Setup time: 5–10 minutes

Key facts (verified)

  • Supports scan for configs and source-scan for code per README.
  • Exports JSON, CSV, Markdown, SARIF, and CycloneDX 1.6 AI-BOM formats (README).
  • GitHub: 149 stars · 37 forks; pushed 2026-05-12 (GitHub API verified).

Main

Use mcp-audit as a guardrail, not a one-off report:

  • Add mcp-audit scan to CI to catch accidental secret commits in MCP configs.
  • Run source-scan on any in-house MCP server before granting it broad access.
  • Prefer SARIF output if you already use GitHub code scanning, so findings land where engineers work.

README excerpt (verbatim)

MCP Audit

License: MIT Python 3.9+ GitHub release

See what your AI agents can access - before they go live.

Web App MCP Audit Web App

CLI MCP Audit CLI

What It Does

MCP Audit scans your AI development tools (Claude Desktop, Cursor, VS Code) and reveals:

  • Secrets - Exposed API keys, tokens, database passwords
  • APIs - Every endpoint your AI agents connect to
  • AI Models - Which LLMs are configured (GPT-4, Claude, Llama)
  • Risk Flags - Shell access, filesystem access, unverified sources
⚠️  2 SECRET(S) DETECTED - IMMEDIATE ACTION REQUIRED

[CRITICAL] GitHub Personal Access Token
  Location: github-tools  env.GITHUB_TOKEN
  Remediation: https://github.com/settings/tokens  Delete  Recreate

[HIGH] Database Connection String
  Location: postgres-mcp  env.DATABASE_URL
  Remediation: Rotate credentials, use secrets manager

Source-level Scanning (new in v1.1)

mcp-audit scan inventories MCP server configurations. The new mcp-audit source-scan command goes one level deeper — it reads the MCP server's own source code and flags code-level vulnerabilities the server author may have introduced.

Today it catches the "Prompt In, Shell Out" attack chain: an MCP server that pipes an LLM-controlled tool argument into a shell-spawning API (child_process.exec, util.promisify(exec), subprocess.run(shell=True), os.system, os.popen) without sanitization. An attacker controlling the LLM input can inject shell metacharacters and execute arbitrary code on the host running the MCP server.

$ mcp-audit source-scan ./packages/my-mcp-server

MCP source-scan: packages/my-mcp-server
1 critical · 0 high · 1 finding(s) total

  Severity  Conf  File:Line      API                                          Snippet
  CRITICAL  high  server.js:19   util.promisify(child_process.exec) ...       const { stdout } = await execAsync(

Outputs:

  • --format table (default, human-readable)

FAQ

Q: What does scan look at? A: README says it inventories MCP server configurations and summarizes access.

Q: When should I use source-scan? A: Use it for in-house or unverified servers to catch code-level risks.

Q: What output fits CI? A: JSON for parsing, or SARIF/CycloneDX when integrating with security tooling.

🙏

Source & Thanks

Source: https://github.com/apisec-inc/mcp-audit > License: MIT > GitHub stars: 149 · forks: 37

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets