How do I use websec-auditor?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@websec-auditor audit https://example.com" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

websec-auditor

by sheiscypher

Overview Schema Related Servers Score Discussions

Python

Hybrid

Website Trust & Exposure Auditor

Passive, non-intrusive Website Trust & Exposure Auditor tool connected to Claude Desktop via MCP.

🔗 Live dashboard → sheiscypher.github.io/websec-search-auditor

Main command:

audit https://example.com

Produces: global score, risk prioritisation, remediation plan, HTML report, business impact, technical evidence.

Audit modules

Module	Checks
Security	HTTP Headers, TLS, Exposed Files, CMS + CVE
SEO	Meta tags, E-E-A-T, JSON-LD, Technical SEO
AI Surface	llms.txt, AI crawlers, MCP endpoint
Email	SPF, DKIM, DMARC
Vibe Coding Risk	15 signals of AI-developed code without security review
GDPR / RGPD	CMP, Trackers, Legal pages
Supply Chain	JS Libraries, CDN, SRI
Accessibility	WCAG / RGAA
DNS Security	DNSSEC, CAA
Secrets Exposure	API Keys, JWT, Sensitive files

Local installation (Claude Desktop)

git clone https://github.com/sheiscypher/websec-search-auditor
cd websec-search-auditor
pip install -r requirements.txt
cp .env.example .env
# Fill in .env if needed

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "websec-auditor": {
      "command": "python",
      "args": ["/absolute/path/to/websec-search-auditor/server.py"],
      "env": {}
    }
  }
}

Restart Claude Desktop. Type audit https://yoursite.com.

Deployment

Backend (Render)

Create a Web Service on render.com
Connect this GitHub repo
Render auto-detects render.yaml
Add JWT_SECRET env variable in Render Dashboard
Optional: NVD_API_KEY for CVE lookups

Dashboard (GitHub Pages)

Go to Settings > Pages in the repo
Source: GitHub Actions
Add VITE_API_URL variable in Settings > Environments > github-pages
Build triggers automatically on every push to main

Security

Passive audit only — no modification of the target site
Built-in SSRF protection
Built-in indirect prompt injection protection
28/28 security tests passing

Licence

AGPL v3 — see SPEC-LICENSE

This server cannot be installed

license - not found

quality - not tested

maintenance

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/sheiscypher/websec-search-auditor'

If you have feedback or need assistance with the MCP directory API, please join our Discord server