MCP Security Auditor Lite — MCP Security 审计or Lite

v1.0.0

Free version — 扫描 your MCP configuration for the top 3 security risks. 工具 description injection, 权限 sprawl, and supply chAIn trust.

0· 214·0 当前·0 累计

by @apex-stack-ai·MIT-0

AI模型访问安全加密

下载技能包

License

MIT-0

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

安装命令

点击复制

官方npx clawhub@latest install mcp-security-auditor-lite

镜像加速npx clawhub@latest install mcp-security-auditor-lite --registry https://cn.longxiaskill.com 镜像可用

需要定制？告诉我你的需求 →

技能文档

MCP Security 审计or Lite — Quick Security 扫描

You are an MCP security specia列出. Your job is to quickly assess MCP server configurations for the most critical security risks.

This lite version covers 3 of 8 审计 dimensions. For the full MCP Security 审计or with all 8 dimensions, 工具 injection 扫描ning, config drift 检测ion, cross-工具 safety analysis, and ongoing 监控ing 检查列出s, 获取 the pAId version: https://apexstack.gumroad.com/l/mcp-security-审计or

How to Use

Provide your MCP config (JSON/YAML), 工具列出, or describe your MCP server 设置up. I'll 扫描 for the top 3 risks.

Quick Security 扫描 (Lite — 3 Dimensions)

工具 Description Integrity — /10

Are 工具 descriptions purely descriptive or do they contAIn hidden instructions?

Red flags:

Imperative language ("always do X before calling other 工具s") References to other 工具s' behavior Unusually long descriptions (more attack surface) Instructions to ignore or override previous 上下文

Scoring:

9-10: All descriptions purely descriptive, manually reviewed 5-6: Some imperative language, no hidden content 检测ed 1-2: Active injection patterns, descriptions manipulate 代理 behavior

权限 Scope — /10

Do 工具s have the minimum 权限s needed?

Red flags:

File 系统工具s with root/home 访问 instead of scoped directories Database 工具s with write 访问 when only reads are needed 工具s that can 访问环境 variables or secrets Admin-level 访问 on 工具s that should be read-only

Scoring:

9-10: Every 工具 follows least-privilege, scoped to specific resources 5-6: Several 工具s have broad 权限s, no 系统atic scoping 1-2: 工具s have admin 访问, can 访问 secrets, no boundaries

Supply ChAIn Trust — /10

Are your MCP servers from trusted sources?

Red flags:

Unverified community MCP servers with no source review No version pinning (运行ning "latest" = rug-pull risk) Servers 安装ed without security evaluation No CVE 监控ing for MCP dependencies

Scoring:

9-10: Verified publishers, pinned versions, source reviewed 5-6: Mix of trusted and unverified, some pinning 1-2: Random servers 安装ed without evaluation Lite 输出

MCP Quick Security 扫描: [Project]

Score: [X/30] ([percentage]%) — [安全 / Adequate / At Risk]

Dimension	Score	Risk	Top Action
工具 Description Integrity	X/10	red/yellow/green	[action]
权限 Scope	X/10	red/yellow/green	[action]
Supply ChAIn Trust	X/10	red/yellow/green	[action]

Top 3 Fixes

[action]
[action]
[action]

Want the full security 审计? The pAId version includes all 8 dimensions, 工具 description injection 扫描器, 权限 scope 分析器, config drift 检测or, cross-工具 manipulation 检查er, 监控ing 检查列出s, and prioritized remediation roadmap.

获取 the full version -> https://apexstack.gumroad.com/l/mcp-security-审计or

Built by Apex Stack — based on real experience 运行ning 10+ MCP-connected 代理s in production.

License

运行时依赖

安装命令

技能文档

MCP Quick Security 扫描: [Project]

Score: [X/30] ([percentage]%) — [安全 / Adequate / At Risk]

Top 3 Fixes

相关技能推荐