Summary
Wraps the Bawbel security scanner as MCP tools so agents can audit their own supply chain mid-conversation. Exposes scan_content, scan_server_card, and scan_creds for detecting AVE vulnerabilities like prompt injection, credential leaks, and unsafe delegation chains. The check_conformance tool scores MCP servers against the spec with 18 checks and an A+ to F grade. Lookup_ave and search_ave pull from the AVE threat intelligence database with AIVSS severity scores and remediation steps. Accept_finding writes justified suppressions directly into skill files as inline comments. Reach for this when you're vetting third-party servers before adding them to your config, reviewing agentic workflows for security holes, or enforcing conformance standards across a fleet of MCP endpoints.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Bawbel MCP Server
Security scanner for MCP servers and agentic AI components, exposed as MCP tools.
Bawbel MCP Server lets any MCP-compatible agent scan servers, check skill files, score conformance, manage justified suppressions, and query the AVE threat intelligence database mid-conversation.
Install
pip install bawbel-mcp
Or with all detection engines (YARA, Semgrep, LLM, Magika, Sandbox):
pip install "bawbel-mcp[all]"
Tools
| Tool | Description |
|---|---|
scan_content | Scan raw text content for AVE vulnerabilities |
scan_server_card | Fetch and scan an MCP server-card before connecting |
scan_creds | Credential-focused scan (API keys, tokens, passwords, private keys) |
scan_chain | Delegation chain scan (unsafe sub-agent spawning and inherited permissions) |
check_conformance | Score a server manifest against the MCP spec (18 checks, A+ to F) |
accept_finding | Insert a justified suppression with reason, reviewer, and optional expiry |
lookup_ave | Get a full AVE record by ID with remediation guidance |
search_ave | Search AVE records by keyword |
list_ave | List all AVE records with optional severity/category filters |
check_pins | Detect rug pull drift in a directory of skill files |
Resources
| Resource | Description |
|---|---|
ave://stats | Current AVE database statistics |
ave://record/{ave_id} | Full AVE record for a specific ID |
Usage
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
}
Claude Code
claude mcp add bawbel uvx bawbel-mcp
Cursor / Windsurf
Add to your MCP settings:
{
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
Remote deployment (Streamable HTTP)
uvx bawbel-mcp --transport streamable-http --host 0.0.0.0 --port 8000
Example conversations
Scan a server before connecting:
"Before I add this MCP server to my config, scan it for security issues: https://api.some-mcp-server.com"
Claude calls scan_server_card("https://api.some-mcp-server.com") and reports
findings with AVE IDs, AIVSS severity scores, and remediation steps.
Check a skill file:
"Check this skill file content for prompt injection vulnerabilities"
Claude calls scan_content(content) and returns findings including any
toxic flow chains detected.
Check for hardcoded credentials:
"Does this skill file contain any hardcoded API keys or secrets?"
Claude calls scan_creds(content) and returns credential findings only.
Check for unsafe delegation:
"Does this skill spawn sub-agents without proper trust boundaries?"
Claude calls scan_chain(content) and returns delegation chain findings.
Accept a false positive:
"Mark AVE-2026-00001 on line 7 of travel.md as a false positive. Reason: internal registry endpoint, not attacker-controlled."
Claude calls accept_finding(...) and writes the justified suppression
comment directly into the file. The approval is tracked in version control.
Score a server against the spec:
"Does this server follow the MCP spec? https://api.some-mcp-server.com"
Claude calls check_conformance("https://api.some-mcp-server.com") and
returns a score, grade, and list of failed checks.
Look up a vulnerability:
"What is AVE-2026-00041 and how do I fix it?"
Claude calls lookup_ave("AVE-2026-00041") and returns the full record
with behavioral fingerprint, IOCs, and remediation steps.
Search for relevant vulnerabilities:
"What AVE records cover credential exfiltration?"
Claude calls search_ave("credential exfiltration") and returns matching
records with AIVSS scores and OWASP MCP categories.
Audit mode - see all findings including suppressed:
"Scan this file and show me everything, including suppressed findings."
Claude calls scan_content(content, no_ignore=True) and bypasses all
suppression layers.
Requirements
- Python 3.10+
bawbel-scanner>=1.2.2(installed automatically)fastmcp>=3.0.0(installed automatically)
The bawbel CLI must be available in PATH. Installing bawbel-mcp installs
bawbel-scanner which provides the bawbel CLI.
Related
- bawbel-scanner - CLI scanner
- bawbel/ave - AVE standard and records
- api.piranha.bawbel.io - Threat intel API
- bawbel.io/docs - Full documentation
Apache 2.0. Built by Bawbel.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →