Dev Tools | TypeScript | CLI

mcp-audit

Security scanner for MCP servers

Statically analyze MCP servers for security issues before installation. Detects file writes, shell execution, eval, network requests, and secret access. Generates A/B/C/F grades and SARIF reports.

Binary Size: 85 KB
RAM Footprint: 45 MB
Startup Latency: 200 ms
Estimated Stars: ★ 0
Total Downloads: 0

Sovereign Connection Flow

Package Fetch ➔ AST Parser ➔ Pattern Matcher ➔ Grade Calculator ➔ Report Renderer

Interactive Manual

Scan an npm package

Downloads and analyzes the package, prints a grade and findings table.

mcp-audit scan @modelcontextprotocol/server-filesystem

Standard CLI One-liner Install:

npm install -g mcp-audit

Press Kit Briefing

One-sentence summary and details for newsletters, campaigns, and media.

Name: mcp-audit

Tagline: Security scanner for MCP servers

Summary: A static security scanner for MCP servers that grades packages A–F and exports SARIF reports before you install them.

Source: https://github.com/sovereign-shovels/mcp-audit

License: Apache-2.0