← Back to Skills Marketplace
534422530

Mcp Security Audit

by 534422530 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
30
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install laosi-mcp-security-audit
Description
Performs comprehensive security audits on MCP servers including vulnerability scans, malware detection, compliance checks, and detailed remediation reports.
README (SKILL.md)

name: laosi-mcp-security-audit version: 1.0.0 description: Enterprise-grade MCP server security audit skill for OpenClaw agents - performs comprehensive vulnerability scanning, malware detection, and compliance checking on MCP servers and skills with detailed reporting and remediation guidance author: laosi homepage: https://github.com/laosi/mcp-security-audit-skill tags: [security, mcp, audit, enterprise, compliance, vulnerability-scanning, malware-detection]

Usage Guidance
This package appears to be a straightforward local file scanner and is internally consistent with its stated purpose. Before installing or running it: (1) review the included Python code yourself or with a trusted reviewer (it will read and report secrets found in files under the target path); (2) run it on a copy or in an isolated environment if you are concerned about exposing secrets in output or logs; (3) ensure you pass the intended directory path (it recursively scans the path you supply); (4) verify the publisher/source (the package files reference a GitHub homepage but registry metadata showed none) if you need provenance; and (5) do not run it with elevated privileges on systems you don't fully trust.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description match the actual behavior: audit.py and the CLI wrapper scan files for suspicious patterns, hardcoded credentials, bindings, and logging issues and produce a JSON report. The scanning targets (.py/.js/.env/Dockerfile/etc.) are appropriate for an MCP/server audit. One minor registry inconsistency: the registry metadata provided to you listed no homepage, but the included SKILL.md and claw.json declare a GitHub homepage (small metadata mismatch).
Instruction Scope
The runtime instructions and code operate only on a user-supplied target path and do not attempt to read unrelated system state or environment variables. The auditor scans many common config and source file types (including .env and Dockerfile) which is expected for this purpose. The SKILL.md itself is metadata-only; the actual behavior is implemented in the bundled Python files.
Install Mechanism
No install spec is provided (instruction-only install with included Python scripts). There are no downloads, external packages, or non-standard installation steps declared — the code uses only the Python standard library.
Credentials
The skill requests no environment variables or credentials (appropriate). However, it intentionally reads files that often contain secrets (.env, .env.production, config files) and will include findings referencing those secrets in its output. This is expected for a scanner, but be aware it will surface sensitive data from the scanned path in its report.
Persistence & Privilege
The skill is not 'always' enabled and does not request persistent or elevated privileges, nor does it modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install laosi-mcp-security-audit
  3. After installation, invoke the skill by name or use /laosi-mcp-security-audit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of laosi-mcp-security-audit: - Comprehensive vulnerability scanning for MCP servers and skills - Malware detection and reporting - Compliance checking with detailed reports - Remediation guidance provided for identified issues
Metadata
Slug laosi-mcp-security-audit
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Mcp Security Audit?

Performs comprehensive security audits on MCP servers including vulnerability scans, malware detection, compliance checks, and detailed remediation reports. It is an AI Agent Skill for Claude Code / OpenClaw, with 30 downloads so far.

How do I install Mcp Security Audit?

Run "/install laosi-mcp-security-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mcp Security Audit free?

Yes, Mcp Security Audit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mcp Security Audit support?

Mcp Security Audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mcp Security Audit?

It is built and maintained by 534422530 (@534422530); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments