mcp-security-validator

Community

Rigorous MCP code security validation

Author: Hashzin-0
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

The MCP Security Validator provides a thorough, production-oriented security review of MCP code, servers, and tools to detect vulnerabilities, unsafe configurations, and secrets before deployment. It helps teams catch OWASP Top 10 issues, unsafe input handling, hardcoded credentials, path traversal, and missing rate limiting early, before they lead to incidents.

Core Features & Use Cases

  • OWASP Top 10 checks: Automated heuristics and patterns to detect injection, XSS, insecure deserialization, and related high-impact issues.
  • Input validation & sanitization guidance: Concrete patterns and recommended libraries (e.g., Pydantic) to enforce typed, constrained inputs and remove dangerous payloads.
  • Config & deployment validation: YAML-based configuration recommendations for rate limiting, CORS, TLS, auth, and audit logging.
  • Automated scanner output: Structured JSON scan results with severity buckets (critical/high/medium/low), line references, and remediation steps for each finding.
  • Operational checklist & remediation: A final checklist for production readiness and explicit remediation instructions for discovered issues.
  • Use Case Example: Audit an MCP API repo prior to release to ensure no hardcoded secrets, parameterized queries only, and proper rate limiting and logging.

Quick Start

Scan my MCP repository for OWASP Top 10 vulnerabilities and return a JSON report with categorized severities and remediation steps.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: mcp-security-validator
Download link: https://github.com/Hashzin-0/Curion/archive/main.zip#mcp-security-validator

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.