Eren Security Auditor — MCP Server

Eren Security Auditor — MCP Server

AI-powered code security auditor exposed via the Model Context Protocol (MCP). Scans GitHub repositories for vulnerabilities using LLM-powered analysis and returns structured findings with OWASP Top 10 and CWE references.

Tools

Quick Start

Streamable HTTP (remote clients, MCP directories)

pip install mcp
AUDIT_ENDPOINT=https://your-api-host AUDIT_API_KEY=your-key python server.py --transport streamable-http --port 8200

Server runs at http://localhost:8200/mcp.

stdio (Claude Desktop, local MCP clients)

pip install mcp
AUDIT_ENDPOINT=https://your-api-host AUDIT_API_KEY=your-key python server.py --transport stdio

Claude Desktop Configuration

Add to ~/.claude/settings.json:

{
  "mcpServers": {
    "security-audit": {
      "command": "python",
      "args": ["path/to/server.py", "--transport", "stdio"],
      "env": {
        "AUDIT_ENDPOINT": "https://your-api-host",
        "AUDIT_API_KEY": "your-key"
      }
    }
  }
}

Docker

docker build -t mcp-security-audit .
docker run -p 8200:8200 -e AUDIT_ENDPOINT=https://your-api-host -e AUDIT_API_KEY=your-key mcp-security-audit

Environment Variables

Example Usage

Once connected via an MCP client:

> Use security_scan to audit https://github.com/juice-shop/juice-shop

Scanning juice-shop/juice-shop (master branch)...
Found 47 findings across 200 files.

Risk Score: 72/100

Critical: 3 | High: 8 | Medium: 15 | Low: 12 | Info: 9

Top findings:
- [CRITICAL] SQL Injection in /routes/search.ts (CWE-89)
- [CRITICAL] Insecure JWT Secret (CWE-798)
- [HIGH] XSS via DOM manipulation in /frontend/src/... (CWE-79)

How It Works

MCP Client → MCP Server (this repo) → Audit API → Clone repo → LLM scan → Findings

The server proxies tool calls to the Eren Security Auditor API, which:

1. Clones the target repository
2. Scans source files using LLM-powered analysis
3. Categorizes findings by OWASP Top 10 and CWE
4. Generates risk scores and remediation guidance

License

MIT