Analyzes composer.json and composer.lock files to extract project metadata and identify known vulnerabilities (CVEs) in project dependencies.
Audits .env configuration files for security misconfigurations such as enabled debug modes, missing application keys, and insecure session settings.
Performs comprehensive security audits on Laravel projects, including route analysis, Blade template scanning for XSS, and configuration verification.
Executes static code analysis on PHP files to detect risky patterns like SQL injection, Remote Code Execution (RCE), and hardcoded credentials.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Laraguard MCPrun a full security audit on this Laravel project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Laraguard MCP
A security audit MCP server for Laravel projects β built with TypeScript and stdio transport.
Overview
Laraguard MCP is a standalone Model Context Protocol (MCP) server that performs security audits on Laravel projects. It is implemented in pure TypeScript using the official @modelcontextprotocol/sdk and communicates over stdio, making it natively compatible with any MCP-capable IDE or client (Cursor, Claude Desktop, VS Code MCP extensions, etc.).
The server analyses a Laravel project as an external target β it does not require Laravel to be running. It returns structured JSON findings categorised by severity, covering configuration issues, risky code patterns, and dependency hygiene.
Features
π Static code scanning β 15+ rules covering SQL injection, RCE, hardcoded credentials, weak crypto, mass assignment, and LFI
π Blade XSS scanner β detects unescaped
{!! !!}output and raw input rendering in templatesπ£οΈ Route & middleware audit β flags admin routes without auth, API routes without auth:sanctum, login routes without throttle, and CSRF exceptions
π¦ Dependency CVE feed β queries the OSV.dev API for real CVEs across all
composer.lockpackagesβοΈ Configuration audit β inspects
.env(DEBUG, APP_KEY, APP_ENV, secure cookies) andconfig/cors.phpποΈ Project metadata β reads
composer.jsonto identify Laravel and PHP version constraintsπ₯ Active attack simulation β fires HTTP probes (SQL injection, XSS, CSRF, auth bypass, rate limiting) against a running app
π Path traversal prevention β strict allowlist enforcement for all file operations
βοΈ Secret redaction β sensitive values are masked in textual output before reaching the MCP client
π stdio transport β zero-config network; works inside any IDE that supports MCP
MCP Tools
The server exposes 8 tools. All static tools accept a single path parameter. attack_simulate additionally requires a baseUrl.
Tool | Input | Description |
|
| Returns metadata from |
|
| Parses |
|
| Inspects |
|
| 15+ static pattern rules across all PHP files β credentials, weak crypto, mass assignment, RCE, LFI, SQL injection. |
|
| Scans |
|
| Audits route files and middleware for missing auth, missing throttle, and CSRF exception wildcards. |
|
| Fires 6 live HTTP probes against a running app: SQL injection, XSS, CSRF, auth bypass, rate limiting, error disclosure. |
|
| Runs |
Code Scan β Detected Patterns
Pattern | Severity | Finding Type |
| High |
|
| Medium |
|
| Critical |
|
| Critical |
|
| Critical |
|
| Critical |
|
| Critical |
|
Long hardcoded tokens/secrets | High |
|
| High |
|
| Medium |
|
| High |
|
| Critical |
|
| Critical |
|
Audit Report Schema
Every tool returns a structured JSON report:
{
"summary": {
"critical": 0,
"high": 1,
"medium": 2,
"low": 0,
"info": 1
},
"findings": [
{
"severity": "high",
"type": "SQL_INJECTION",
"title": "Potential SQL injection via whereRaw",
"file": "app/Http/Controllers/UserController.php",
"line": 42,
"evidence": "->whereRaw('email = ' . $email)",
"recommendation": "Avoid raw SQL with user input. Use parameter binding/query builder."
}
],
"metadata": {
"scannedPath": "/absolute/path/to/laravel-project",
"engine": "Laraguard MCP",
"version": "3.0.0",
"timestamp": "2025-01-01T00:00:00.000Z",
"durationMs": 312
}
}Architecture
src/
βββ index.ts β MCP server bootstrap and tool registration
βββ config.ts β Environment variable loading and validation
βββ security.ts β Path allowlist enforcement and secret redaction
βββ files.ts β Safe file enumeration and reading
βββ tools.ts β Audit tool implementations
βββ reports.ts β Report aggregation and severity summarization
βββ types.ts β Domain types (Finding, AuditReport, Severity, etc.)Runtime stack:
Component | Technology |
Runtime | Node.js 20+ |
Language | TypeScript 5.x |
Protocol | Model Context Protocol (MCP) |
Transport |
|
Schema validation | Zod |
MCP SDK |
|
Requirements
Node.js 20 or higher
npm 10 or higher
Verify your environment:
node -v
npm -vInstallation
Clone the repository and install dependencies:
git clone https://github.com/ecr17dev/Laraguard-MCP.git
cd "Laraguard MCP"
npm installConfiguration
Copy the example environment file and customise it:
cp .env.example .envEnvironment Variables
Variable | Default | Description |
| β | Single allowed root path for project scanning. |
| β | Comma-separated list of allowed root paths. Takes precedence over |
|
| Maximum number of files to enumerate per scan. |
|
| Maximum file size (in bytes) to read per file. |
|
| Logical timeout for audit operations. |
Priority order:
MCP_BASE_PATHSβMCP_BASE_PATHβ current working directory.
Example .env
# Allow scanning two project roots
MCP_BASE_PATHS="/Users/yourname/projects/my-laravel-app,/srv/workspaces/api"
# Scan limits
MCP_MAX_FILES=5000
MCP_MAX_FILE_SIZE_BYTES=300000
MCP_TIMEOUT_SECONDS=30Development
Available Scripts
Command | Description |
| Runs the MCP server directly from TypeScript source using |
| Compiles TypeScript to |
| Runs the compiled server from |
| Type-checks the project without emitting output |
Running in Development Mode
npm run devBuilding for Production
npm run check # Validate types first
npm run build # Emit to dist/
npm run start # Run compiled outputIntegration with MCP Clients
Generic MCP Configuration (JSON)
Add the following to your MCP client's configuration file, replacing the path with the absolute path to your installation:
{
"mcpServers": {
"laraguard": {
"command": "node",
"args": ["/absolute/path/to/Laraguard MCP/dist/index.js"],
"env": {
"MCP_BASE_PATHS": "/absolute/path/to/your-laravel-project"
}
}
}
}Using Development Mode (tsx)
If you prefer to run without building first:
{
"mcpServers": {
"laraguard": {
"command": "npx",
"args": ["tsx", "/absolute/path/to/Laraguard MCP/src/index.ts"],
"env": {
"MCP_BASE_PATHS": "/absolute/path/to/your-laravel-project"
}
}
}
}Cursor IDE
Open Settings β MCP and paste the JSON block above. Cursor will detect the server on the next reload.
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) and add the laraguard entry under mcpServers.
Tool Usage Reference
project_info
{ "path": "/absolute/path/to/laravel-project" }Returns basic project metadata without performing any security checks. Use it to confirm the target is a valid Laravel project and inspect framework and PHP version constraints before auditing.
dependency_audit
{ "path": "/absolute/path/to/laravel-project" }Parses composer.lock, extracts all locked package names and versions, and queries the OSV.dev for known CVEs. Each vulnerability is returned as a finding with:
CVE/GHSA identifier and summary
Severity (mapped from CVSS score)
Affected package version and recommended fix version
Direct link to the advisory page
config_audit
{ "path": "/absolute/path/to/laravel-project" }Check | File | Severity |
|
| High |
|
| Medium |
|
| Critical |
|
| Medium |
Wildcard CORS origin ( |
| Medium |
code_scan
{ "path": "/absolute/path/to/laravel-project" }Performs line-by-line static analysis across all PHP files. Returns every matching finding with file path, line number, and evidence snippet. See the Code Scan β Detected Patterns table above for the full rule set.
blade_scan
{ "path": "/absolute/path/to/laravel-project" }Scans all .blade.php files under resources/views/ for XSS-prone output patterns:
Check | Severity |
| High |
| Critical |
| High |
route_audit
{ "path": "/absolute/path/to/laravel-project" }Reads routes/web.php, routes/api.php, and app/Http/Middleware/VerifyCsrfToken.php:
Check | File | Severity |
Admin/dashboard route without |
| Critical |
API route without |
| High |
Login/register route without | Route files | Medium |
Wildcard pattern in |
| High |
attack_simulate
{
"path": "/absolute/path/to/laravel-project",
"baseUrl": "http://localhost:8000"
}β οΈ Only use against local or staging environments. Never run against production.
Fires 6 live HTTP probes against the running application:
Probe | Method & Endpoint | What it Tests |
|
| Framework/stack-trace info leakage |
|
| SQL injection in login form |
|
| Reflected XSS in search/query params |
|
| CSRF token enforcement (expects HTTP 419) |
|
| Unauthenticated access to protected API |
| 10Γ rapid | Brute-force rate limiting (expects HTTP 429) |
The report includes a probes metadata array with the status code, duration, and triggered state for every probe.
full_audit
{ "path": "/absolute/path/to/laravel-project" }Runs dependency_audit, config_audit, code_scan, blade_scan, and route_audit in parallel and merges all findings into a single consolidated report. The metadata includes per-section summaries.
Security Design
Laraguard MCP implements the following controls to ensure it operates safely even when handling untrusted project paths:
Strict path allowlisting β all file access is validated against
MCP_BASE_PATHS/MCP_BASE_PATH; path traversal attempts are rejected immediately.File count limit β configurable cap (
MCP_MAX_FILES) prevents runaway enumeration on large monorepos.File size limit β configurable cap (
MCP_MAX_FILE_SIZE_BYTES) prevents memory exhaustion from binary or generated files.Directory and extension exclusions β
vendor/,node_modules/,.git/, and binary file types are excluded from scans.Secret redaction β sensitive values (passwords, tokens, keys) are masked in textual output before being returned to the MCP client.
Attack simulation guard β
attack_simulatealways targets only the explicitly providedbaseUrl; no automated discovery or production detection is performed.
Important Notes
Laraguard MCP analyses a Laravel project as an external auditor β the Laravel application itself does not need to be running for static tools.
attack_simulaterequires the application to be running and should never target production.The server is framework-agnostic at the transport level: any client that supports MCP stdio can use it.
All findings are informational. Always combine automated scanning with manual code review and dedicated DAST/SAST tooling (OWASP ZAP, Burp Suite) for production security assessments.
License
This project is licensed under the MIT License. See LICENSE for details.
Resources
Looking for Admin?
Admins can modify the Dockerfile, update the server description, and track usage metrics. If you are the server author, to access the admin panel.