Main
Use mcp-audit as a guardrail, not a one-off report:
- Add
mcp-audit scanto CI to catch accidental secret commits in MCP configs. - Run
source-scanon any in-house MCP server before granting it broad access. - Prefer SARIF output if you already use GitHub code scanning, so findings land where engineers work.
README excerpt (verbatim)
MCP Audit
See what your AI agents can access - before they go live.
Web App

CLI

What It Does
MCP Audit scans your AI development tools (Claude Desktop, Cursor, VS Code) and reveals:
- Secrets - Exposed API keys, tokens, database passwords
- APIs - Every endpoint your AI agents connect to
- AI Models - Which LLMs are configured (GPT-4, Claude, Llama)
- Risk Flags - Shell access, filesystem access, unverified sources
⚠️ 2 SECRET(S) DETECTED - IMMEDIATE ACTION REQUIRED
[CRITICAL] GitHub Personal Access Token
Location: github-tools → env.GITHUB_TOKEN
Remediation: https://github.com/settings/tokens → Delete → Recreate
[HIGH] Database Connection String
Location: postgres-mcp → env.DATABASE_URL
Remediation: Rotate credentials, use secrets managerSource-level Scanning (new in v1.1)
mcp-audit scan inventories MCP server configurations. The new mcp-audit source-scan command goes one level deeper — it reads the MCP server's own source code and flags code-level vulnerabilities the server author may have introduced.
Today it catches the "Prompt In, Shell Out" attack chain: an MCP server that pipes an LLM-controlled tool argument into a shell-spawning API (child_process.exec, util.promisify(exec), subprocess.run(shell=True), os.system, os.popen) without sanitization. An attacker controlling the LLM input can inject shell metacharacters and execute arbitrary code on the host running the MCP server.
$ mcp-audit source-scan ./packages/my-mcp-server
MCP source-scan: packages/my-mcp-server
1 critical · 0 high · 1 finding(s) total
Severity Conf File:Line API Snippet
CRITICAL high server.js:19 util.promisify(child_process.exec) ... const { stdout } = await execAsync(Outputs:
--format table(default, human-readable)
FAQ
Q: What does scan look at?
A: README says it inventories MCP server configurations and summarizes access.
Q: When should I use source-scan?
A: Use it for in-house or unverified servers to catch code-level risks.
Q: What output fits CI? A: JSON for parsing, or SARIF/CycloneDX when integrating with security tooling.