Skills
.Work. You
Rest

mcp-security-audit

Community

Audit MCP configs for security flaws

Legal & Compliance#security#mcp#governance#secrets#supply-chain#configuration-audit#shell-injection
Authorselfagency
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Prevents insecure MCP server configurations from exposing secrets, enabling shell injection, or introducing supply-chain risk during agent tool execution.

Core Features & Use Cases

  • Secrets Exposure Detection: Finds hardcoded credentials and tokens embedded in MCP server args or config env fields.
  • Shell Injection Pattern Detection: Flags dangerous command construction patterns that could lead to command execution or reverse-shell behavior.
  • Supply-Chain Risk Checks: Identifies unpinned versions such as @latest usage and highlights potentially interactive npx invocation behavior in CI.
  • Use Case: Before deploying an agent that uses MCP tools, scan a project’s .mcp.json to produce a severity-based report and clear remediation guidance.

Quick Start

Ask the AI to audit your project's .mcp.json for hardcoded secrets, shell injection patterns, unpinned versions, and unapproved MCP server registrations.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: mcp-security-audit
Download link: https://github.com/selfagency/agentsy/archive/main.zip#mcp-security-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.