mcp-audit
Version updated for https://github.com/adudley78/mcp-audit to version v0.5.1.
- This action is used across all versions by 1 repository.
Action Type
This is a Composite action.
Action Summary
mcp-audit is a privacy-first security scanner designed to analyze local MCP (Model Context Protocol) server configurations and running instances to identify security vulnerabilities. It automates the detection of risks such as tool poisoning, credential exposure, transport security issues, supply chain attacks, and cross-server toxic flows while providing governance tools, interactive dashboards, and detailed reports. This action helps developers secure AI integrations by flagging dangerous configurations and attack paths, ensuring safer development environments.
What’s Changed
mcp-audit v0.5.1
Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, supply chain risks, credential exposure, toxic flow combinations, transport vulnerabilities, and more — across Claude Desktop, Cursor, VS Code, Zed, and any MCP-compatible host.
What’s new in v0.5.1
See CHANGELOG.md for the full change list for this release.
Install
```shell
pip install --upgrade mcp-audit-scanner   # PyPI package; installs the `mcp-audit` CLI command
```
Or grab a pre-built binary from Assets below (no Python required):
| Platform | Binary |
|---|---|
| macOS (Apple Silicon) | mcp-audit-darwin-arm64 |
| macOS (Intel) | mcp-audit-darwin-x86_64 |
| Linux x86-64 | mcp-audit-linux-x86_64 |
| Windows x86-64 | mcp-audit-windows-x86_64.exe |
Use as a GitHub Action
```yaml
- uses: adudley78/mcp-audit@v0.5.1
  with:
    severity-threshold: high
```
Full input/output reference in docs/github-action.md.
Pin to a specific release tag (as shown) until v1.0.0 ships; after v1, @v1 will track the latest 1.x release automatically.
Detection coverage
- Prompt injection / tool poisoning — 11 patterns, Unicode homoglyph-aware, depth-50 recursion
- Credential exposure — 9 patterns (AWS, GitHub, Stripe, Slack, and more)
- Supply chain risk — npm/PyPI provenance, Sigstore signature verification (--verify-signatures), SBOM + OSV.dev CVE scan (--check-vulns)
- Toxic flow detection — dangerous server combinations (e.g. database + web fetch)
- SAST — 37 rules across Python (28) and TypeScript (9)
- Transport security — insecure bindings, wildcard hosts, unverified TLS
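To make the categories above concrete, here is an added example of what a host-config scanner in this space has to do. It is not mcp-audit's code and uses none of its rules; it assumes a Claude-Desktop-style layout (`{"mcpServers": {name: {command, args, env, url}}}`), two illustrative credential value patterns (the AWS access key ID shape and the `ghp_` GitHub token shape) plus a secret-looking variable-name heuristic, a hypothetical `CAPABILITY_HINTS` table for tagging servers, and a single toxic pair (database + web fetch). All sample values are constructed.

```python
"""Toy MCP host-config scanner: an added example, not mcp-audit's own rules.

Assumes the Claude-Desktop-style layout {"mcpServers": {name: {command, args, env, url}}}
and checks three categories: credential exposure, transport security, toxic flows.
"""
import json
import re

# Constructed sample config, deliberately containing one issue per category.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "postgres": {
            "command": "npx",
            "args": ["-y", "@example/mcp-postgres", "--host", "0.0.0.0"],
            "env": {"PGPASSWORD": "hunter2"},
        },
        "fetch": {
            "command": "uvx",
            "args": ["mcp-server-fetch"],
            "env": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE"},  # AWS's documented example key
        },
        "docs": {
            "url": "http://docs.internal:8080/sse",
            "env": {"GITHUB_TOKEN": "ghp_0123456789abcdefghijklmnopqrstuvwxyz"},  # constructed
        },
    }
})

# Two illustrative value-shape patterns (hypothetical subset; the real scanner advertises nine).
CREDENTIAL_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
SECRET_LIKE_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|KEY)$", re.IGNORECASE)

# Hypothetical capability tags derived from package names; a toxic pair is a
# combination that together forms a read-then-send-out path.
CAPABILITY_HINTS = {"postgres": "database", "sqlite": "database", "mysql": "database",
                    "fetch": "web-fetch", "browser": "web-fetch"}
TOXIC_PAIRS = [frozenset({"database", "web-fetch"})]


def classify(name, spec):
    """Best-effort capability tag for one server entry, or None."""
    haystack = " ".join([name, spec.get("command", ""), *spec.get("args", [])]).lower()
    for fragment, capability in CAPABILITY_HINTS.items():
        if fragment in haystack:
            return capability
    return None


def scan_config(raw_json):
    """Return a list of finding dicts for one host config."""
    cfg = json.loads(raw_json)
    findings = []
    capabilities = {}
    for name, spec in cfg.get("mcpServers", {}).items():
        # Credential exposure: secret-shaped values first, then secret-named variables.
        for var, value in spec.get("env", {}).items():
            matched = [pid for pid, pat in CREDENTIAL_PATTERNS.items() if pat.search(str(value))]
            if matched:
                findings.append({"server": name, "rule": f"credential/{matched[0]}",
                                 "severity": "high", "detail": f"env {var}"})
            elif SECRET_LIKE_NAME.search(var) and value:
                findings.append({"server": name, "rule": "credential/secret-in-env",
                                 "severity": "medium", "detail": f"env {var}"})
        # Transport security: wildcard bind address, or plaintext HTTP to a non-loopback host.
        url = spec.get("url", "")
        if "0.0.0.0" in " ".join(spec.get("args", [])) or "0.0.0.0" in url:
            findings.append({"server": name, "rule": "transport/wildcard-bind",
                             "severity": "medium", "detail": "binds all interfaces"})
        if url.startswith("http://") and not re.match(r"http://(localhost|127\.)", url):
            findings.append({"server": name, "rule": "transport/plaintext-http",
                             "severity": "medium", "detail": url})
        capability = classify(name, spec)
        if capability:
            capabilities.setdefault(capability, []).append(name)
    # Toxic flow: a dangerous capability pair present in the same host config.
    for pair in TOXIC_PAIRS:
        if pair.issubset(capabilities):
            members = [s for cap in sorted(pair) for s in capabilities[cap]]
            findings.append({"server": ",".join(members), "rule": "toxic-flow/" + "+".join(sorted(pair)),
                             "severity": "high", "detail": "data source and outbound fetch in one host"})
    return findings


def severity_counts(findings):
    """Tally findings by severity, the number a CI threshold would act on."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    print(json.dumps(scan_config(SAMPLE_CONFIG), indent=2))
```

Run against the constructed config it reports six findings: three high (two hard-coded tokens and the database + web-fetch combination) and three medium (a password-named variable, a wildcard bind, and a plaintext SSE URL). The toxic-flow check is the one that no per-server rule can express, which is why it runs over the whole host config after the per-server loop.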
Integrations
- SARIF → GitHub Code Scanning (schema-validated, deduplication-safe)
- Nucleus Security FlexConnect (mcp-audit push-nucleus)
- Baseline diffing for CI regression gates (mcp-audit baseline)
- HTML dashboard — self-contained, no CDN dependencies
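The baseline-diff regression gate listed above, combined with the action's `severity-threshold` input, is the usual way to adopt a scanner on an existing code base without blocking on every pre-existing finding. The following is an added illustration of that logic, not mcp-audit's own `baseline` command or output format; it assumes findings are dicts with `server`/`rule`/`severity`/`detail` keys (a constructed shape) and that the baseline is simply the list of findings accepted on an earlier run.

```python
"""Baseline diff and severity gate: an added example of the CI pattern, not
mcp-audit's own `baseline` implementation.

Assumes findings are dicts with server/rule/severity/detail keys (constructed shape).
"""
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def finding_key(finding):
    # Identity that survives reordering and re-scanning: same server, rule and detail.
    return (finding["server"], finding["rule"], finding["detail"])


def diff_against_baseline(baseline, current):
    """Split the current run into findings new since the baseline and baseline findings that resolved."""
    known = {finding_key(f): f for f in baseline}
    seen = {finding_key(f) for f in current}
    new = [f for f in current if finding_key(f) not in known]
    resolved = [f for key, f in known.items() if key not in seen]
    return new, resolved


def gate(current, baseline, severity_threshold="high"):
    """Fail only on *new* findings at or above the threshold, so findings already
    accepted in the baseline do not block every later run (a regression gate)."""
    if severity_threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {severity_threshold}")
    new, resolved = diff_against_baseline(baseline, current)
    floor = SEVERITY_RANK[severity_threshold]
    blocking = [f for f in new if SEVERITY_RANK[f["severity"]] >= floor]
    return {"passed": not blocking, "new": new, "resolved": resolved, "blocking": blocking}


# Constructed sample runs: one finding unchanged, one resolved, two new (one above threshold).
BASELINE = [
    {"server": "postgres", "rule": "transport/wildcard-bind", "severity": "medium",
     "detail": "binds all interfaces"},
    {"server": "fetch", "rule": "credential/aws-access-key-id", "severity": "high",
     "detail": "env AWS_ACCESS_KEY_ID"},
]
CURRENT_RUN = [
    {"server": "postgres", "rule": "transport/wildcard-bind", "severity": "medium",
     "detail": "binds all interfaces"},
    {"server": "docs", "rule": "transport/plaintext-http", "severity": "medium",
     "detail": "http://docs.internal:8080/sse"},
    {"server": "docs", "rule": "credential/github-pat", "severity": "high",
     "detail": "env GITHUB_TOKEN"},
]

if __name__ == "__main__":
    result = gate(CURRENT_RUN, BASELINE, "high")
    print("passed:", result["passed"], "| new:", len(result["new"]),
          "| resolved:", len(result["resolved"]), "| blocking:", len(result["blocking"]))
    raise SystemExit(0 if result["passed"] else 1)
```

With a `high` threshold the sample run fails: the new plaintext-HTTP finding is below the floor and is reported but not blocking, while the new hard-coded token is. The resolved AWS finding shows the other half of the diff, which is what a baseline update step would use to shrink the accepted set rather than let it grow indefinitely.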
Validated against
- 6 real-world exploit fixtures (Invariant Labs SSH exfiltration, CrowdStrike add_numbers, XML injection, cloud credential theft, behavioral override)
- 22-server false-positive benchmark — 0% poisoning FP rate on legitimate servers
- CVSS + OWASP Agentic Top 10 severity mappings on every finding ID
1,414 tests · Apache 2.0 · macOS · Linux · Windows
Full changelog
See CHANGELOG.md.