Scan your Claude Desktop, Cursor, or VS Code MCP configs for leaked credentials.
Detect malicious or tampered MCP servers before they compromise your AI agent.
Find dangerous combinations of MCP servers, like file-read paired with network access.
Generate a security report in SARIF or JSON for GitHub's security tab or a SIEM.
| adudley78/mcp-audit | 0-bingwu-0/live-interpreter | 0xkaz/llm-governance-dashboard | |
|---|---|---|---|
| Stars | 2 | 2 | 2 |
| Language | Python | Python | Python |
| Setup difficulty | easy | moderate | hard |
| Complexity | 3/5 | 2/5 | 4/5 |
| Audience | developer | general | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Install with pip, then run a single command, live server inspection and signature verification need optional extras.
MCP, short for Model Context Protocol, is the system that lets AI coding assistants connect to external tools, files, APIs, and databases. When something is misconfigured or malicious in that connection layer, the AI agent can quietly leak credentials or behave in ways the developer never intended, without anything showing up in the interface. mcp-audit is a Python command-line tool that scans local MCP configuration files for these problems before they cause harm. The scanner automatically finds MCP configuration files across eight AI coding clients, including Claude Desktop, Cursor, VS Code, Windsurf, Claude Code, and GitHub Copilot CLI. It then checks those configurations for a range of security issues: tool poisoning, where a server tries to manipulate AI behavior through hidden instructions, exposed credentials for services like AWS, GitHub, OpenAI, Anthropic, Stripe, and Slack, insecure transport settings such as unencrypted connections or elevated privileges, and supply chain risks like typosquatted package names or packages whose contents changed since they were last reviewed. It can also connect to running servers directly to inspect what an AI agent actually sees at runtime, and it keeps a history of tool descriptions so it can flag a legitimate server that later swaps in different behavior. Beyond checking one server at a time, it detects dangerous combinations across multiple servers, for example a server with file-read access paired with one that can send network requests, and it can suggest the smallest set of servers to remove to break every risky path. An interactive visual dashboard lets a user explore these attack paths in a browser. Results can be exported in several formats, including plain terminal output, JSON, SARIF for GitHub's security tab, and a self-contained HTML report, and it can feed results into enterprise vulnerability management systems. The tool runs entirely offline by default, collects no telemetry, and every feature is available for free with no paid tier. It is installed with pip and released under the Apache 2.0 license. The full README is longer than what was shown.
A free command-line scanner that checks your AI coding tools' MCP server connections for leaked credentials, tampering, and security risks.
Mainly Python. The stack also includes Python, CLI, MCP.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice and state changes made.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.