mcp-audit

Version updated for https://github.com/adudley78/mcp-audit to version v0.3.3.

  • This action is used across all versions by 1 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The mcp-audit GitHub Action is a privacy-focused security scanner designed to analyze MCP (Model Context Protocol) server configurations for vulnerabilities and misconfigurations. It automates the detection of risks such as credential exposure, tool poisoning, unsecure transport configurations, supply chain issues, and multi-server attack paths, helping developers and enterprises secure AI agent environments. Key features include automated configuration discovery, live server analysis, cross-server attack path detection, governance policy enforcement, and support for multiple output formats, making it a comprehensive solution for securing MCP server deployments.

What’s Changed

mcp-audit v0.3.3

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, supply chain risks, credential exposure, toxic flow combinations, transport vulnerabilities, and more — across Claude Desktop, Cursor, VS Code, Zed, and any MCP-compatible host.

What’s new in v0.3.3

See CHANGELOG.md for the full change list for this release.

Install

pip install --upgrade mcp-audit-scanner   # PyPI — CLI command: mcp-audit

Or grab a pre-built binary from Assets below (no Python required):

PlatformBinary
macOS (Apple Silicon)mcp-audit-darwin-arm64
macOS (Intel)mcp-audit-darwin-x86_64
Linux x86-64mcp-audit-linux-x86_64
Windows x86-64mcp-audit-windows-x86_64.exe

Use as a GitHub Action

- uses: adudley78/mcp-audit@v0.3.3
  with:
    severity-threshold: high

Full input/output reference in docs/github-action.md.

Pin to a specific release tag (as shown) until a v1.0.0 ships; after v1, @v1 will track the latest 1.x release automatically.

Detection coverage

  • Prompt injection / tool poisoning — 11 patterns, Unicode homoglyph-aware, depth-50 recursion
  • Credential exposure — 9 patterns (AWS, GitHub, Stripe, Slack, and more)
  • Supply chain risk — npm/PyPI provenance, Sigstore signature verification (--verify-signatures), SBOM + OSV.dev CVE scan (--check-vulns)
  • Toxic flow detection — dangerous server combinations (e.g. database + web fetch)
  • SAST — 37 rules across Python (28) and TypeScript (9)
  • Transport security — insecure bindings, wildcard hosts, unverified TLS

Integrations

  • SARIF → GitHub Code Scanning (schema-validated, deduplication-safe)
  • Nucleus Security FlexConnect (mcp-audit push-nucleus)
  • Baseline diffing for CI regression gates (mcp-audit baseline)
  • HTML dashboard — self-contained, no CDN dependencies

Validated against

  • 6 real-world exploit fixtures (Invariant Labs SSH exfiltration, CrowdStrike add_numbers, XML injection, cloud credential theft, behavioral override)
  • 22-server false-positive benchmark — 0% poisoning FP rate on legitimate servers
  • CVSS + OWASP Agentic Top 10 severity mappings on every finding ID

1,308 tests · Apache 2.0 · macOS · Linux · Windows

Full changelog

See CHANGELOG.md.