Cette page est affichée en anglais. Une traduction française est en cours.
MCP ConfigsMay 12, 2026·3 min de lecture

mcp-audit — Scan MCP Configs for Secrets & Shadow APIs

Audit MCP server configs and source trees to find exposed secrets, risky endpoints, and model access. Outputs JSON/CSV/SARIF/CycloneDX AI-BOM for CI gates.

MCP Hub
MCP Hub · Community
Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 27/100Policy : staging
Surface agent
Tout agent MCP/CLI
Type
Mcp Config
Installation
Pip
Confiance
Confiance : Established
Point d'entrée
pip install mcp-audit && mcp-audit --help
Commande de staging sûr
npx -y tokrepo@latest install 67ac2a2b-e81c-50f9-bb30-0943e7df8787 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

Introduction

mcp-audit is a security-focused CLI that inventories MCP configurations and can optionally analyze MCP server source code, so teams can understand what their agents can access before shipping.

Best for: Security reviews for agent toolchains, CI compliance, and MCP governance

Works with: Local repos/paths; JSON/CSV/SARIF/CycloneDX outputs; CLI-first workflows

Setup time: 5–10 minutes

Key facts (verified)

  • Supports scan for configs and source-scan for code per README.
  • Exports JSON, CSV, Markdown, SARIF, and CycloneDX 1.6 AI-BOM formats (README).
  • GitHub: 149 stars · 37 forks; pushed 2026-05-12 (GitHub API verified).

Main

Use mcp-audit as a guardrail, not a one-off report:

  • Add mcp-audit scan to CI to catch accidental secret commits in MCP configs.
  • Run source-scan on any in-house MCP server before granting it broad access.
  • Prefer SARIF output if you already use GitHub code scanning, so findings land where engineers work.

README excerpt (verbatim)

MCP Audit

License: MIT Python 3.9+ GitHub release

See what your AI agents can access - before they go live.

Web App MCP Audit Web App

CLI MCP Audit CLI

What It Does

MCP Audit scans your AI development tools (Claude Desktop, Cursor, VS Code) and reveals:

  • Secrets - Exposed API keys, tokens, database passwords
  • APIs - Every endpoint your AI agents connect to
  • AI Models - Which LLMs are configured (GPT-4, Claude, Llama)
  • Risk Flags - Shell access, filesystem access, unverified sources
⚠️  2 SECRET(S) DETECTED - IMMEDIATE ACTION REQUIRED

[CRITICAL] GitHub Personal Access Token
  Location: github-tools  env.GITHUB_TOKEN
  Remediation: https://github.com/settings/tokens  Delete  Recreate

[HIGH] Database Connection String
  Location: postgres-mcp  env.DATABASE_URL
  Remediation: Rotate credentials, use secrets manager

Source-level Scanning (new in v1.1)

mcp-audit scan inventories MCP server configurations. The new mcp-audit source-scan command goes one level deeper — it reads the MCP server's own source code and flags code-level vulnerabilities the server author may have introduced.

Today it catches the "Prompt In, Shell Out" attack chain: an MCP server that pipes an LLM-controlled tool argument into a shell-spawning API (child_process.exec, util.promisify(exec), subprocess.run(shell=True), os.system, os.popen) without sanitization. An attacker controlling the LLM input can inject shell metacharacters and execute arbitrary code on the host running the MCP server.

$ mcp-audit source-scan ./packages/my-mcp-server

MCP source-scan: packages/my-mcp-server
1 critical · 0 high · 1 finding(s) total

  Severity  Conf  File:Line      API                                          Snippet
  CRITICAL  high  server.js:19   util.promisify(child_process.exec) ...       const { stdout } = await execAsync(

Outputs:

  • --format table (default, human-readable)

FAQ

Q: What does scan look at? A: README says it inventories MCP server configurations and summarizes access.

Q: When should I use source-scan? A: Use it for in-house or unverified servers to catch code-level risks.

Q: What output fits CI? A: JSON for parsing, or SARIF/CycloneDX when integrating with security tooling.

🙏

Source et remerciements

Source: https://github.com/apisec-inc/mcp-audit > License: MIT > GitHub stars: 149 · forks: 37

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires