mcp-auditor
CommunityAudit MCP tool configs for poisoned descriptions.
Software Engineering#mcp#threat-modeling#security-audit#tool-descriptions#config-audit#poisoning-patterns
Authorthejordanleopold
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Auditing MCP tool configurations and descriptions for hidden instructions, untrusted endpoints, and exfiltration risks to reduce supply-chain and runtime threats.
Core Features & Use Cases
- Detects poisoned tool descriptions, malicious tool registrations, and rug-pull risk in MCP configurations across multiple agents.
- Enumerates and validates MCP server entries, flags insecure endpoints (HTTP vs HTTPS), and identifies credential exposure in configs.
- Use Case: Before adding a new MCP server to any agent, run this skill to audit and lock down trusted servers.
Quick Start
Run the audit-mcp-configs.sh script to enumerate, classify, and report MCP config risks across your environment.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: mcp-auditor Download link: https://github.com/thejordanleopold/claude-code-skills-distilled/archive/main.zip#mcp-auditor Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.