
Mcp Audit Server

joepangallo/mcp-audit-server
Auth · STDIO · Registry active
Summary

A thin proxy that routes security audit commands to a private backend, either self-hosted or managed at audit.leddconsulting.com. Exposes 10 MCP tools covering static config analysis, live server probing, prompt injection testing with 30+ payloads, agent trust scoring, dataflow tracing for PII leaks, package vulnerability scanning, and auto-remediation. The CLI mirrors those operations for CI or manual audits. All scan logic lives on the backend, so you need an API key for the hosted service or your own deployment. Useful if you're running multiple MCP servers in production and want centralized auditing without embedding heavy analysis code in every client config.


mcp-audit-server

Thin MCP server and CLI proxy for AI agent and MCP security auditing. It connects to a private audit API to analyze MCP configurations, test prompt injection resistance, trace data flows, scan packages, and generate security policies.

This package is a thin proxy. All scan logic lives in a private backend operated by you or your provider.

Managed hosted flow:

  • set AGENT_SECURITY_API_KEY
  • the package will automatically target https://audit.leddconsulting.com

Self-hosted or private-network flow:

  • set AGENT_SECURITY_BASE_URL to your HTTPS API origin
  • or set AGENT_SECURITY_HOST and AGENT_SECURITY_PORT for a loopback/private deployment

Hosted backend access is not bundled with this package. If you want managed access or a licensed private deployment, contact Ledd Consulting.

Registry and Directories

  • npm package: ledd-mcp-audit-server
  • Official MCP Registry name: io.github.joepangallo/mcp-audit-server
  • Downstream directories such as Glama and PulseMCP should ingest from the official MCP Registry, so you usually do not need separate manual submissions for each site.
  • Glama authorship claim is optional. It only gives you ownership of the Glama page and access to manual sync and re-scan controls.

Install

npm install ledd-mcp-audit-server

Install package: ledd-mcp-audit-server
CLI command after install: mcp-audit-server

This is the public package that should be published to npm and listed in public MCP directories. The audit engine itself stays private.

The old package name mcp-server-agent-security is retired. See MIGRATION.md for upgrade steps and the deprecation plan.

Usage as MCP Server

Add to your MCP client configuration (Claude Desktop, Cursor, etc.):

{
  "mcpServers": {
    "mcp-audit-server": {
      "command": "npx",
      "args": ["-y", "ledd-mcp-audit-server", "--mcp"],
      "env": {
        "AGENT_SECURITY_API_KEY": "your-issued-api-key"
      }
    }
  }
}

For a self-hosted backend, add AGENT_SECURITY_BASE_URL to that same env block.

The server exposes 10 tools over stdio:

  • audit_mcp_config -- Static analysis of MCP config JSON for privilege, auth, transport, and launch risks
  • audit_mcp_server -- Active probing of a running MCP server over stdio (requires AGENT_SECURITY_ADMIN_MODE=1)
  • audit_agent_trust -- Trust audit for tool permissions, execution provenance, secret exposure controls, policy drift, and deployment trust score
  • audit_prompt_injection -- Tests a system prompt against a 30+ payload injection catalog
  • audit_agent_dataflow -- Traces PII and secret exposure through an agent's tool pipeline
  • scan_mcp_package -- Scans an npm MCP package for dependency vulnerabilities and dangerous patterns
  • generate_report -- Combines multiple audit results into a composite report with executive summary
  • fix_mcp_config -- Auto-remediates config issues: removes unsafe flags, upgrades transport, redacts secrets
  • harden_system_prompt -- Appends injection-resistant guardrails to a system prompt
  • generate_policy -- Generates an enforceable JSON security policy from an MCP config

Usage as CLI

The CLI forwards commands to the private audit API.

# Hosted quick start
export AGENT_SECURITY_API_KEY=your-issued-api-key

# Audit an MCP configuration file
mcp-audit-server scan-config ./claude_desktop_config.json

# Probe a live MCP server (requires AGENT_SECURITY_ADMIN_MODE=1)
mcp-audit-server scan-server npx -y @modelcontextprotocol/server-filesystem /tmp

# Audit trust posture and policy drift for an agent/MCP deployment
mcp-audit-server scan-trust ./claude_desktop_config.json ./claimed-policy.json

# Scan an npm package for vulnerabilities
mcp-audit-server scan-package @modelcontextprotocol/server-shell

# Test a system prompt for injection vulnerabilities
mcp-audit-server scan-injection ./system-prompt.txt

# Trace data flows through an MCP config
mcp-audit-server scan-dataflow ./claude_desktop_config.json

# Auto-fix security issues in an MCP config
mcp-audit-server fix-config ./claude_desktop_config.json

# Harden a system prompt against injection
mcp-audit-server harden-prompt ./system-prompt.txt

# Generate a security policy from an MCP config
mcp-audit-server generate-policy ./claude_desktop_config.json

# Retrieve a previous audit report
mcp-audit-server report <audit-id>

# Output raw JSON instead of formatted tables
mcp-audit-server scan-config ./config.json --json

# Start in MCP stdio server mode
mcp-audit-server --mcp

For a self-hosted backend, also set AGENT_SECURITY_BASE_URL=https://your-audit-host.

Environment Variables

  • AGENT_SECURITY_BASE_URL (default: none) -- Full audit API origin, e.g. https://audit.example.com
  • AGENT_SECURITY_HOST (default: 127.0.0.1) -- Self-hosted/private-network audit API host
  • AGENT_SECURITY_PORT (default: 3091) -- Self-hosted/private-network audit API port
  • AGENT_SECURITY_API_KEY (default: none) -- API key for authenticated access. If set with no endpoint overrides, the package uses https://audit.leddconsulting.com
  • AGENT_SECURITY_REQUEST_TIMEOUT_MS (default: 15000) -- Request timeout for CLI and MCP proxy calls
  • AGENT_SECURITY_ADMIN_MODE (default: none) -- Set to 1 to enable active server probing
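The precedence the table above implies (explicit origin, then host/port, then the hosted default when only an API key is set) as an added example in Node.js; this is not the package's own code. It assumes plain HTTP for the host/port form and refuses to pair an API key with a non-HTTPS origin that is not loopback, which is a client-side check the README does not state.

```javascript
// Added illustration (not the package's own code): resolve the audit backend
// from the documented environment variables and sanity-check the transport
// before an API key is ever sent to it.
const HOSTED_DEFAULT = "https://audit.leddconsulting.com"; // from the README
const LOOPBACK = new Set(["127.0.0.1", "localhost", "::1", "[::1]"]);

function resolveAuditBackend(env) {
  let origin;
  if (env.AGENT_SECURITY_BASE_URL) {
    // Explicit origin wins over everything else.
    origin = env.AGENT_SECURITY_BASE_URL;
  } else if (env.AGENT_SECURITY_HOST || env.AGENT_SECURITY_PORT) {
    // Assumption: the loopback/private-network form speaks plain HTTP.
    const host = env.AGENT_SECURITY_HOST || "127.0.0.1";
    const port = env.AGENT_SECURITY_PORT || "3091";
    origin = `http://${host}:${port}`;
  } else if (env.AGENT_SECURITY_API_KEY) {
    // API key with no endpoint override targets the managed service.
    origin = HOSTED_DEFAULT;
  } else {
    throw new Error(
      "no audit backend configured: set AGENT_SECURITY_API_KEY, " +
        "AGENT_SECURITY_BASE_URL, or AGENT_SECURITY_HOST/AGENT_SECURITY_PORT",
    );
  }

  let url;
  try {
    url = new URL(origin);
  } catch {
    throw new Error(`invalid audit API origin: ${origin}`);
  }
  // A bearer key over plaintext to a remote host is a credential leak waiting
  // to happen, so only loopback is allowed without TLS.
  if (url.protocol !== "https:" && !LOOPBACK.has(url.hostname)) {
    throw new Error(`refusing non-HTTPS audit origin ${url.origin}`);
  }

  const timeoutMs = Number(env.AGENT_SECURITY_REQUEST_TIMEOUT_MS ?? 15000);
  if (!Number.isFinite(timeoutMs) || timeoutMs <= 0) {
    throw new Error("AGENT_SECURITY_REQUEST_TIMEOUT_MS must be a positive number");
  }

  return {
    origin: url.origin, // normalised: scheme + host + port, no trailing slash
    timeoutMs,
    adminMode: env.AGENT_SECURITY_ADMIN_MODE === "1", // gates active probing
    authenticated: Boolean(env.AGENT_SECURITY_API_KEY),
  };
}
```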

What It Detects

  • Tool spoofing -- duplicate tool names, namespace collision (CWE-290)
  • Rug pull -- unpinned packages, version drift (CWE-829)
  • Prompt injection -- direct override, instruction hijacking, role-play escape, delimiter injection, encoding bypass, multilingual injection
  • Privilege escalation -- overprivileged tools, shell execution without allowlists, unrestricted filesystem access
  • Data exfiltration -- PII leakage through tool pipelines, outbound network paths
  • Insecure transport -- missing TLS, plaintext credentials in config
  • Missing auth -- unauthenticated MCP servers, missing API key requirements
  • Shell injection -- arbitrary command execution via tool configurations
  • Path traversal -- unrestricted filesystem scope in tool arguments
  • SQL injection -- raw SQL patterns in tool definitions
  • Rate limiting -- missing request throttling on exposed tools
  • Package vulnerabilities -- known CVEs in npm MCP package dependencies
  • Credential exposure -- inline secrets, missing rotation policies
  • Agent trust drift -- claimed-safe policies that do not match configured tools, network posture, or observed action logs
  • Weak provenance -- missing action/evidence capture for risky agent operations
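An added Node.js sketch of what a static pass over an MCP client config looks like for three of the classes above (rug pull via unpinned packages, credential exposure, insecure transport); it is an illustration, not the private audit engine's rules. The rule names, placeholder heuristics, the `url` field for remote servers, and the sample config are all constructed for this example.

```javascript
// Added illustration, not the audit backend's private rules: a minimal static
// checker over an MCP client config for a few of the detection classes listed.
const SECRET_KEY = /(api[_-]?key|token|secret|password|passwd)/i;
const PLACEHOLDER = /^(your-|<[^>]*>$|\$)/; // "your-…", "<…>", "$VAR" / "${VAR}"
const LOOPBACK = new Set(["127.0.0.1", "localhost", "[::1]"]);

// Returns the package spec an npx-style launcher would run, or null.
function npxPackageSpec(command, args) {
  if (!["npx", "pnpx", "bunx"].includes(command)) return null;
  return args.find((a) => !a.startsWith("-")) ?? null;
}

// Pinned means an explicit version after the name: "pkg@1.2.3" or
// "@scope/pkg@1.2.3"; bare names, tags ("@latest") and ranges ("@^1") float.
function isPinned(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0 && /^\d/.test(spec.slice(at + 1));
}

function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    const spec = npxPackageSpec(server.command, server.args ?? []);
    if (spec && !isPinned(spec)) {
      findings.push({ server: name, rule: "unpinned-package", detail: spec });
    }
    for (const [k, v] of Object.entries(server.env ?? {})) {
      if (SECRET_KEY.test(k) && typeof v === "string" && v && !PLACEHOLDER.test(v)) {
        findings.push({ server: name, rule: "inline-secret", detail: k });
      }
    }
    if (typeof server.url === "string") {
      const u = new URL(server.url); // remote (non-stdio) server endpoint
      if (u.protocol !== "https:" && !LOOPBACK.has(u.hostname)) {
        findings.push({ server: name, rule: "plaintext-transport", detail: u.origin });
      }
    }
  }
  return findings;
}

// Constructed sample config, not a real deployment.
const SAMPLE_CONFIG = {
  mcpServers: {
    audit: { command: "npx", args: ["-y", "ledd-mcp-audit-server", "--mcp"],
             env: { AGENT_SECURITY_API_KEY: "your-issued-api-key" } },
    tools: { command: "npx", args: ["-y", "example-mcp-tools@1.2.3"],
             env: { GITHUB_TOKEN: "ghp_constructed_example" } },
    remote: { url: "http://tools.internal.example:8080/mcp" },
  },
};
const SAMPLE_FINDINGS = auditMcpConfig(SAMPLE_CONFIG);
```

Note that the README's own client snippet launches `ledd-mcp-audit-server` unpinned through `npx -y`, which this rule flags; pinning the version is the usual mitigation for the rug-pull class.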

Requirements

  • Node.js >= 18
  • Access to a private audit API. The managed hosted default is https://audit.leddconsulting.com when AGENT_SECURITY_API_KEY is set. Use AGENT_SECURITY_BASE_URL for other hosted HTTPS deployments, or AGENT_SECURITY_HOST and AGENT_SECURITY_PORT for local/private-network deployments.

License

MIT


Built by Ledd Consulting


Configuration

AGENT_SECURITY_API_KEY (required, secret)

API key for the managed hosted audit backend

AGENT_SECURITY_BASE_URL

Optional HTTPS API origin for self-hosted or private deployments

Categories: AI & LLM Tools, Security & Pentesting
Registry: active
Package: ledd-mcp-audit-server
Transport: STDIO
Auth: Required
Updated: Mar 25, 2026

Related AI & LLM Tools MCP Servers

SkillFM LLM Cost Optimizer

io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage

LLM cost optimizer for OpenAI, Anthropic, token usage, BYOK, and SkillFM Beacon audits.
Llm Orchestration Agent

io.github.mikerawsonnz/llm-orchestration-agent

Run a prompt through a LangChain (system + human) chain over Gemini on Vertex AI; optional LangSmith
Authenticated Llm Agent

io.github.mikerawsonnz/authenticated-llm-agent

JWT-gated LLM gateway: authenticate (bcrypt/JWT), then run a LangChain-on-Vertex Gemini completion.
Copilot Memory MCP

labforgedev/copilot-memory-mcp

Persistent semantic memory for AI agents using local ChromaDB vector search. No cloud required.
Agent Prompt Injection Firewall Mcp

csoai-org/agent-prompt-injection-firewall-mcp

The WAF for agents. Pattern-based + heuristic firewall scans prompts, RAG documents, tool argume...
Authenticated Multi Llm Agent

io.github.mikerawsonnz/authenticated-multi-llm-agent

Google-OAuth-gated LLM gateway: verify a Google ID token, then run a Gemini (Vertex AI) completion f