mcp-blast-radius
This server statically analyzes MCP server directories to audit their blast radius — what files, network, subprocesses, and environment variables they can access — and optionally enforces compliance against declared manifests.
aos_compliance_validate — Scans a target MCP server directory and returns a pass/fail compliance report, including:
Dependency extraction (from
requirements.txt,pyproject.toml,package.json)Static Python AST analysis of file I/O, network calls, environment variable access, and subprocess usage
Divergence detection between declared manifest boundaries (
permitted_output_paths/oracle_paths) and observed static behaviorTwo gate modes:
advisory(default): Reports findings without blockingblocking: Setsblocks_next_step=trueon failure, enabling CI enforcement (exit 1 on divergence)
Optional
tool_idlabel for identifying the scan in logs
aos_compliance_self_test — A smoke/connectivity test to verify the MCP server wiring is functioning correctly.
Additional support includes environment variables (AOS_VALIDATOR_TARGET_DIR, AOS_VALIDATOR_MCP_LOG, AOS_VALIDATOR_CALLER) and CLI tools: mcp-blast-radius (MCP stdio server) and mcp-blast-radius-gate (CI gate).
MCP Blast-Radius Auditor
See what any MCP server can actually touch — before you add it to your agent.
No manifest? You still get the full blast-radius report. Add a manifest to also catch divergences.
Also, if the server declares a manifest: Catch an MCP server that touches files it said it wouldn't — and block the merge in CI.
Statically extract what a third-party MCP server can reach (files, network, subprocess, env) via surface-level analysis. Compare against declared boundaries when a manifest is present.
Try it in 3 steps
1 — Install & scan
pip install mcp-blast-radius==0.2.2
mcp-blast-radius-gate --gate-mode advisory --target-dir /path/to/mcp-server2 — Example target (any cloned MCP repo root)
git clone --depth 1 https://github.com/oraios/serena.git /tmp/serena
mcp-blast-radius-gate --gate-mode advisory --target-dir /tmp/serena3 — Report findings — Open a GitHub issue with your JSON output (structured template loads automatically).
Related MCP server: gke-cred-audit
30-second scan
pip install mcp-blast-radius
mcp-blast-radius-gate --gate-mode blocking --target-dir /path/to/mcp-serverpipx run mcp-blast-radius starts the MCP stdio server (for Claude Desktop / Cursor). For CLI scanning, use mcp-blast-radius-gate as above.
Red (blocking): divergence detected — code touches paths or capabilities not declared in manifest.
Green: no divergences (or no manifest — blast radius report only, advisory pass).
Install
python3 -m venv .venv
source .venv/bin/activate
pip install .CLI entry
mcp-blast-radius # MCP stdio server
mcp-blast-radius-gate # CI gate (default blocking, exit 1 on fail)CI blocking gate
mcp-blast-radius-gate --gate-mode blocking --target-dir .
# no divergences → exit 0 / divergences or declaration violations → exit 1MCP tools
aos_compliance_validate— scan one MCP server directory (target_dirrequired;tool_idoptional label)aos_compliance_self_test— wiring smoke test
Default gate_mode=advisory. Use gate_mode=blocking in CI to fail on divergences.
What is extracted
Layer | Scope | Confidence |
Dependencies |
|
|
Python AST | imports, file I/O, network, env, subprocess; MCP tool attribution |
|
Divergence | manifest | blocking when mismatch |
Limitations: Static analysis only. Dynamic imports, getattr/eval, obfuscation, and native extensions may hide capabilities. We do not claim complete coverage — every finding includes a confidence label.
Environment
Variable | Purpose |
| Default scan root when |
| JSONL path for local tool call log (never sent externally) |
| Caller label ( |
Example
aos_compliance_validate target_dir=/path/to/my-mcp-server gate_mode=blockingLicense
MIT
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/aos-standard/mcp-blast-radius'
If you have feedback or need assistance with the MCP directory API, please join our Discord server