One command. 22 security checks. Professional PDF report. Scan your MCP server or AI agent against OWASP MCP Top 10 + OWASP Agentic AI Top 10.
You have code. You want to know if it's safe. mcps-audit reads your code files, looks for 22 types of security problems across two OWASP standards, and tells you:
- No serious issues. Your agent or MCP server looks good.
- Some problems found. You should fix these before shipping.
- Critical issues. Fix these immediately before deploying.
It shows you which file, which line, and how to fix it. The PDF report is designed to hand to your security team, compliance officer, or client.
10 security risks specific to Model Context Protocol servers. The scanner checks both for vulnerable patterns and for whether mitigations (such as MCPS) are in place.
| ID | Risk | What It Means |
|---|---|---|
| MCP-01 | Rug Pulls | Tool definitions change after approval |
| MCP-02 | Tool Poisoning | Hidden instructions in tool descriptions |
| MCP-03 | Privilege Escalation | Combining tools to get more access than intended |
| MCP-04 | Cross-Server Forgery | One MCP server tricks another |
| MCP-05 | Sampling Manipulation | Server manipulates AI responses |
| MCP-06 | Prompt Injection via MCP | Malicious data injected through tool responses |
| MCP-07 | Resource Exhaustion | No auth or rate limits, so anyone can run your server out of resources |
| MCP-08 | Insufficient Logging | No audit trail for what happened |
| MCP-09 | Insecure MCP-to-MCP | No origin validation between servers |
| MCP-10 | Context Pollution | Malicious data pollutes shared context |
12 security rules for AI agents, each mapped to MITRE ATT&CK techniques and the STRIDE threat model.
| Rule | Checks For | Severity |
|---|---|---|
| AS-001 | exec(), eval(), subprocess -- dangerous code execution | CRITICAL |
| AS-002 | Hardcoded API keys, passwords, tokens | HIGH |
| AS-003 | Excessive permissions (admin, delete, execute) | MEDIUM |
| AS-004 | File input flowing into prompts (injection vector) | HIGH |
| AS-005 | Known injection: SQL, XSS, command injection | CRITICAL |
| AS-006 | Code execution without sandboxing | HIGH |
| AS-007 | Dependencies without lockfile or integrity | LOW |
| AS-008 | Auto-approve, bypass safety, skip confirmation | HIGH |
| AS-009 | innerHTML, document.write -- unsafe output | MEDIUM |
| AS-010 | No logging or monitoring detected | MEDIUM |
| AS-011 | HTTP requests that could exfiltrate data | HIGH |
| AS-012 | Server endpoints without authentication | HIGH |
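To make concrete what "pattern-based static analysis" means for rules like these, here is an added example that is not mcps-audit's own code: a line-oriented scanner covering a subset of the rules above (AS-001, AS-002, AS-008, AS-009), a `--severity`-style minimum-level filter, and a severity breakdown that rolls up into the PASS / WARN / FAIL verdict described at the top of the page. The rule IDs and severities come from the table; the regexes, the verdict thresholds and the sample source file are assumptions made for this example.

```javascript
// Added example (not mcps-audit's own code): a minimal pattern scanner in the
// spirit of the AS rules. Regexes, verdict thresholds and the sample file are
// this example's assumptions, not the tool's real rule set.
'use strict';

const SEVERITY_RANK = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };

// Subset of the rule table as line-level regexes (assumed patterns).
const RULES = [
  { id: 'AS-001', severity: 'CRITICAL',
    pattern: /\b(eval|exec)\s*\(|child_process|\bsubprocess\b/,
    message: 'dangerous code execution', fix: 'remove dynamic execution or run it in a sandbox' },
  { id: 'AS-002', severity: 'HIGH',
    pattern: /(api[_-]?key|password|token|secret)\s*[:=]\s*['"][^'"]{8,}['"]/i,
    message: 'hardcoded credential', fix: 'load secrets from the environment or a vault' },
  { id: 'AS-008', severity: 'HIGH',
    pattern: /auto[_-]?approve|bypass[_-]?safety|skip[_-]?confirm/i,
    message: 'safety check bypass', fix: 'require explicit confirmation for side effects' },
  { id: 'AS-009', severity: 'MEDIUM',
    pattern: /\.innerHTML\s*=|document\.write\s*\(/,
    message: 'unsafe DOM output', fix: 'use textContent or an HTML sanitizer' },
];

// Scan one file's text. Returns findings with file, line, rule, severity,
// the offending snippet and a fix hint, dropping anything below minSeverity.
function scanSource(file, text, minSeverity = 'LOW') {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const rule of RULES) {
      if (SEVERITY_RANK[rule.severity] < SEVERITY_RANK[minSeverity]) continue;
      if (rule.pattern.test(line)) {
        findings.push({ file, line: i + 1, rule: rule.id, severity: rule.severity,
                        snippet: line.trim(), message: rule.message, fix: rule.fix });
      }
    }
  });
  return findings;
}

// Severity breakdown plus verdict. Thresholds are an assumption modelled on the
// three outcomes described above: any CRITICAL fails, HIGH/MEDIUM warns, else pass.
function summarize(findings) {
  const breakdown = { LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0 };
  for (const f of findings) breakdown[f.severity]++;
  let verdict = 'PASS';
  if (breakdown.CRITICAL > 0) verdict = 'FAIL';
  else if (breakdown.HIGH > 0 || breakdown.MEDIUM > 0) verdict = 'WARN';
  return { verdict, breakdown, total: findings.length };
}

// Constructed sample agent file (not taken from any real project).
const SAMPLE_FILE = 'agent/tools.js';
const SAMPLE_SOURCE = [
  "const API_KEY = 'sk-live-0123456789abcdef';",   // AS-002
  "const { exec } = require('child_process');",     // AS-001
  "function run(cmd) { return exec(cmd); }",        // AS-001
  "const autoApprove = true;",                       // AS-008
  "output.innerHTML = toolResult;",                  // AS-009
  "console.log('done');",
].join('\n');

const demoFindings = scanSource(SAMPLE_FILE, SAMPLE_SOURCE);
for (const f of demoFindings) {
  console.log(`${f.file}:${f.line} ${f.rule} ${f.severity} ${f.snippet} -> ${f.fix}`);
}
console.log(summarize(demoFindings));
```

Because this is pattern matching, a hit is a lead, not a confirmed vulnerability: the `exec` on line 3 is flagged whether or not `cmd` is ever attacker-controlled, which is exactly why the page's own results say findings are pattern-based and why the report pairs each one with a file, line and snippet for a human to triage.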
We tested mcps-audit against major open-source agent frameworks and official MCP servers. Zero crashes across 1,700+ files and 450,000+ lines of code.
All targets are public open-source repositories (MIT/Apache 2.0). Findings represent pattern-based static analysis, not confirmed vulnerabilities.
mcps-audit is the testing tool that complements the MCPS standard and the mcp-secure SDK. Together they form a complete security lifecycle for MCP.
Scan first. Fix what mcps-audit finds. Then add mcp-secure to protect against the MCP Top 10.
| Option | What It Does | Default |
|---|---|---|
| target | Folder or file to scan | . (current directory) |
| -o, --output | Where to save the PDF | ./mcps-audit-report.pdf |
| --name | Name shown in the report | Folder name |
| --json | Print JSON to terminal | Off |
| --severity | Minimum level: LOW, MEDIUM, HIGH, CRITICAL | LOW |
The generated report includes 8 sections designed for security teams, compliance audits, and executive review:
1. Target name, date, report ID, scanner version
2. PASS/WARN/FAIL verdict, risk score, severity breakdown
3. "WITHOUT MCPS" vs "WITH MCPS" side-by-side with reduction %
4. Pass/Fail/Warn for each of the 10 MCP risks
5. 12 rules with MITRE ATT&CK + STRIDE mapping
6. File path, line number, code snippet, how to fix
7. Prioritized by severity, checkbox format
8. Standards referenced, scanner version, contact
- Only requirement. Works on macOS, Linux, Windows.
- pdfkit for PDF generation. No Chrome, no Puppeteer.
- Scans 500 files in under 2 seconds. No cloud, no API keys.
mcps-audit is MIT licensed and free to use. It performs static pattern analysis only -- no code is executed, no data leaves your machine, no network requests are made during scanning.
The scanner checks against two published OWASP standards: OWASP MCP Top 10 and OWASP Agentic AI Top 10. Each finding includes the specific OWASP risk, MITRE ATT&CK technique, and remediation guidance.
Built by AgentSign (CyberSecAI Ltd). Standards: IETF Internet-Draft | mcp-secure SDK