Mcp Security Audit
Skill by aptratcn
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/aptratcn/mcp-security-auditname: skill-mcp-security-audit description: Security audit for MCP (Model Context Protocol) servers. Detect data exfiltration risks, command injection, permission escalation, and supply chain vulnerabilities before adding MCP servers to your agent. Trigger on: 'audit MCP', 'MCP security', 'check MCP server', 'scan MCP'. metadata: openclaw: requires: {}
MCP Security Audit š
Don't blindly trust MCP servers. Audit them first.
The Problem
MCP (Model Context Protocol) servers give AI agents powerful capabilities - file access, API calls, code execution. But they can also:
- Exfiltrate data to external servers
- Execute arbitrary commands on your machine
- Access files beyond intended scope
- Chain vulnerabilities for privilege escalation
Real incident: CVE-2026-23744 exposed MCP injection vulnerabilities. Supply chain attacks via compromised MCP packages are a growing threat.
Quick Audit Checklist
1. Source Verification ā
ā” Is this an official/verified package?
ā” Check npm/PyPI download counts and maintainer history
ā” Review recent commits for suspicious changes
ā” Verify package signature if available
2. Network Audit š
ā” List all external URLs/domains the MCP connects to
ā” Check for hardcoded API endpoints
ā” Verify TLS certificate validation is enabled
ā” Flag any data sent to unknown domains
3. File Access Audit š
ā” What directories can the MCP read/write?
ā” Is access scoped to project directory only?
ā” Check for path traversal vulnerabilities
ā” Flag any access to ~/.ssh, ~/.config, env files
4. Command Execution Audit ā”
ā” Does the MCP execute shell commands?
ā” Are commands user-controlled or hardcoded?
ā” Check for command injection vectors
ā” Verify sandboxing/isolation if present
5. Permission Scope Audit š
ā” What permissions does the MCP request?
ā” Are permissions minimal (principle of least privilege)?
ā” Check for excessive scope requests
ā” Verify user consent for sensitive operations
6. Dependency Audit š¦
ā” Run npm audit / pip-audit / cargo audit
ā” Check for known CVEs in dependencies
ā” Flag outdated packages with security fixes
ā” Review transitive dependencies
Audit Commands
For npm-based MCP servers:
# Check package.json for suspicious scripts
cat package.json | jq '.scripts'
# Audit dependencies
npm audit
# Check for post-install scripts
cat package.json | jq '.scripts.postinstall, .scripts.preinstall'
# List network calls (requires grep)
grep -r "fetch\|axios\|http\|https\|ws://" src/ --include="*.js" --include="*.ts"
For Python MCP servers:
# Check requirements.txt for suspicious packages
cat requirements.txt
# Audit dependencies
pip-audit
# Check for network calls
grep -r "requests\|urllib\|httpx\|aiohttp" src/ --include="*.py"
# Check for subprocess calls
grep -r "subprocess\|os.system\|exec\|eval" src/ --include="*.py"
Risk Scoring
Metadata
Not sure this is the right skill?
Describe what you want to build ā we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-aptratcn-mcp-security-audit": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
xiaobai-workflow-enforcer
Xiaobai Workflow Enforcer - Mandatory workflows for AI Agents. Design before code. Test before implement. Verify before claim. Inspired by Superpowers (161K stars).
Aptratcn Prompt Guard
Skill by aptratcn
cognitive-debt-guard
Cognitive Debt Guard - Prevent the 23.5% incident spike from AI-generated code. Comprehension gates, review frameworks, and AI-free zones. Based on 2026 research.
deep-research-suite
Deep Research Suite - One command to aggregate, analyze, and synthesize research from multiple sources. Search ā Extract ā Summarize ā Report.
deep-research-suite
Deep Research Suite - One command to aggregate, analyze, and synthesize research from multiple sources. Search ā Extract ā Summarize ā Report.