
Bawbel MCP Server

Security scanner for MCP servers and agentic AI components, exposed as MCP tools.

Bawbel MCP Server lets any MCP-compatible agent scan servers, check skill files, score conformance, manage justified suppressions, and query the AVE threat intelligence database mid-conversation.



Install

pip install bawbel-mcp

Or with all detection engines (YARA, Semgrep, LLM, Magika, Sandbox):

pip install "bawbel-mcp[all]"

Tools

Tool               Description
scan_content       Scan raw text content for AVE vulnerabilities
scan_server_card   Fetch and scan an MCP server-card before connecting
scan_creds         Credential-focused scan (API keys, tokens, passwords, private keys)
scan_chain         Delegation chain scan (unsafe sub-agent spawning and inherited permissions)
check_conformance  Score a server manifest against the MCP spec (18 checks, A+ to F)
accept_finding     Insert a justified suppression with reason, reviewer, and optional expiry
lookup_ave         Get a full AVE record by ID with remediation guidance
search_ave         Search AVE records by keyword
list_ave           List all AVE records with optional severity/category filters
check_pins         Detect rug pull drift in a directory of skill files

Resources

Resource               Description
ave://stats            Current AVE database statistics
ave://record/{ave_id}  Full AVE record for a specific ID


Usage

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "bawbel": {
      "command": "uvx",
      "args": ["bawbel-mcp"]
    }
  }
}

Claude Code

claude mcp add bawbel uvx bawbel-mcp

Cursor / Windsurf

Add to your MCP settings:

{
  "bawbel": {
    "command": "uvx",
    "args": ["bawbel-mcp"]
  }
}

Remote deployment (Streamable HTTP)

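uvx bawbel-mcp --transport streamable-http --host 0.0.0.0 --port 8000

The command above binds to 0.0.0.0, so the server listens on every network interface of the host. Limit who can reach the port (firewall rule, private network, or an authenticating reverse proxy) before exposing it beyond the local machine.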

Example conversations

Scan a server before connecting:

"Before I add this MCP server to my config, scan it for security issues: https://api.some-mcp-server.com"

Claude calls scan_server_card("https://api.some-mcp-server.com") and reports findings with AVE IDs, AIVSS severity scores, and remediation steps.

Check a skill file:

"Check this skill file content for prompt injection vulnerabilities"

Claude calls scan_content(content) and returns findings including any toxic flow chains detected.

Check for hardcoded credentials:

"Does this skill file contain any hardcoded API keys or secrets?"

Claude calls scan_creds(content) and returns credential findings only.

Check for unsafe delegation:

"Does this skill spawn sub-agents without proper trust boundaries?"

Claude calls scan_chain(content) and returns delegation chain findings.

Accept a false positive:

"Mark AVE-2026-00001 on line 7 of travel.md as a false positive. Reason: internal registry endpoint, not attacker-controlled."

Claude calls accept_finding(...) and writes the justified suppression comment directly into the file. The approval is tracked in version control.

Score a server against the spec:

"Does this server follow the MCP spec? https://api.some-mcp-server.com"

Claude calls check_conformance("https://api.some-mcp-server.com") and returns a score, grade, and list of failed checks.

Look up a vulnerability:

"What is AVE-2026-00041 and how do I fix it?"

Claude calls lookup_ave("AVE-2026-00041") and returns the full record with behavioral fingerprint, IOCs, and remediation steps.

Search for relevant vulnerabilities:

"What AVE records cover credential exfiltration?"

Claude calls search_ave("credential exfiltration") and returns matching records with AIVSS scores and OWASP MCP categories.

Audit mode - see all findings including suppressed:

"Scan this file and show me everything, including suppressed findings."

Claude calls scan_content(content, no_ignore=True) and bypasses all suppression layers.


Requirements

  • Python 3.10+

  • bawbel-scanner>=1.2.2 (installed automatically)

  • fastmcp>=3.0.0 (installed automatically)

The bawbel CLI must be available in PATH. Installing bawbel-mcp also installs bawbel-scanner, which provides the bawbel CLI.



Apache 2.0. Built by Bawbel.
