DEV Community: A Rodolf Boctor The latest articles on DEV Community by A Rodolf Boctor (@rodolfboctor). https://dev.to/rodolfboctor https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3840545%2F55f7edc3-d8c9-46bb-95ee-f3091f769342.jpeg DEV Community: A Rodolf Boctor https://dev.to/rodolfboctor en I Built an MCP Security Audit System with mcp-scan and Notion MCP A Rodolf Boctor Sun, 29 Mar 2026 05:06:49 +0000 https://dev.to/rodolfboctor/i-built-an-mcp-security-audit-system-with-mcp-scan-and-notion-mcp-4b44 https://dev.to/rodolfboctor/i-built-an-mcp-security-audit-system-with-mcp-scan-and-notion-mcp-4b44 <p><em>This is a submission for the <a href="https://dev.to/challenges/notion-2026-03-04">Notion MCP Challenge</a></em></p> <h2> What I Built </h2> <p>I spend most of my day inside Claude Desktop, Cursor, and VS Code. Each of those tools runs MCP servers in the background. Those servers have full access to my filesystem, environment variables, and network. I'd never actually audited what they were doing.</p> <p>So I built a two-part system. First: <a href="https://github.com/rodolfboctor/mcp-scan" rel="noopener noreferrer">mcp-scan</a>, a CLI that scans every MCP server config on your machine and reports what it finds. Second: a Notion MCP integration that takes those findings and pushes them into a structured Notion database, turning a one-time terminal output into a tracked security backlog.</p> <p>Running it on my own machine found 3 HIGH and 9 MEDIUM severity issues across 10 servers. One server had both filesystem access and outbound network calls (textbook exfiltration setup). Another was pulling from an unverified npm package outside the <code>@modelcontextprotocol</code> org. Neither of those was obvious from reading config files.</p> <p>The pipeline:</p> <ol> <li> <code>npx mcp-scan@latest --json</code> reads all your AI tool configs and outputs structured JSON</li> <li>A Node.js bridge script reads that JSON from stdin and calls the Notion API</li> <li>Each finding becomes a database row: server name, severity, finding type, which AI tool is affected, the config path, and a fix recommendation</li> <li>You end up with a Notion page where you can filter by severity, assign findings to yourself, and mark things fixed</li> </ol> <p>The Notion part matters because security findings in a terminal vanish. You close the window and forget. A Notion database doesn't forget, and it works with the rest of your project docs instead of living in some separate security tool.</p> <h2> Video Demo </h2> <p>Here's what the terminal output looks like when you run the full pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx mcp-scan@latest <span class="nt">--json</span> | node notion-integration/push-to-notion.js </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> + thynkq-router (Claude Code): exfiltration-vector [HIGH] -- created + thynkq-router (Claude Code): exfiltration-vector [MEDIUM] -- created + vercel (Claude Code): network-egress-unknown [MEDIUM] -- created + vercel (Claude Code): data-controls-sharing [LOW] -- created + playwright (Claude Code): unverified-source [HIGH] -- created + vercel (Gemini CLI): duplicate-server [MEDIUM] -- created + playwright (Gemini CLI): duplicate-server [MEDIUM] -- created + sequentialthinking (Claude Code): unverified-source [HIGH] -- created Done: 8 created, 0 updated, 4 clean servers skipped. Total findings tracked in Notion: 8 </code></pre> </div> <p>Each of those lines is a real finding from scanning my own machine right now.</p> <h2> Show us the code </h2> <p><strong>GitHub repo:</strong> <a href="https://github.com/rodolfboctor/mcp-scan" rel="noopener noreferrer">github.com/rodolfboctor/mcp-scan</a></p> <p>The integration is in <code>notion-integration/push-to-notion.js</code>. Core logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Client</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@notionhq/client</span><span class="dl">"</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">notion</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Client</span><span class="p">({</span> <span class="na">auth</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NOTION_API_KEY</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">databaseId</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NOTION_DATABASE_ID</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">raw</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="k">for</span> <span class="k">await </span><span class="p">(</span><span class="kd">const</span> <span class="nx">chunk</span> <span class="k">of</span> <span class="nx">process</span><span class="p">.</span><span class="nx">stdin</span><span class="p">)</span> <span class="nx">raw</span> <span class="o">+=</span> <span class="nx">chunk</span><span class="p">;</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">results</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">raw</span><span class="p">);</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">server</span> <span class="k">of</span> <span class="nx">results</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">serverName</span><span class="p">,</span> <span class="nx">toolName</span><span class="p">,</span> <span class="nx">configPath</span><span class="p">,</span> <span class="nx">findings</span> <span class="o">=</span> <span class="p">[]</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">server</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">finding</span> <span class="k">of</span> <span class="nx">findings</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">severity</span><span class="p">,</span> <span class="nx">fixRecommendation</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">finding</span><span class="p">;</span> <span class="c1">// Idempotent: don't create duplicates on re-scan</span> <span class="kd">const</span> <span class="nx">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">notion</span><span class="p">.</span><span class="nx">databases</span><span class="p">.</span><span class="nf">query</span><span class="p">({</span> <span class="na">database_id</span><span class="p">:</span> <span class="nx">databaseId</span><span class="p">,</span> <span class="na">filter</span><span class="p">:</span> <span class="p">{</span> <span class="na">and</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">property</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Server</span><span class="dl">"</span><span class="p">,</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">{</span> <span class="na">equals</span><span class="p">:</span> <span class="nx">serverName</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">property</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Finding ID</span><span class="dl">"</span><span class="p">,</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">{</span> <span class="na">equals</span><span class="p">:</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">property</span><span class="p">:</span> <span class="dl">"</span><span class="s2">AI Tool</span><span class="dl">"</span><span class="p">,</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">{</span> <span class="na">equals</span><span class="p">:</span> <span class="nx">toolName</span> <span class="p">}</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">props</span> <span class="o">=</span> <span class="p">{</span> <span class="na">Name</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">serverName</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">: </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="na">Server</span><span class="p">:</span> <span class="p">{</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">serverName</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">AI Tool</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">toolName</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="na">Severity</span><span class="p">:</span> <span class="p">{</span> <span class="na">select</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="nx">severity</span> <span class="p">}</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">Finding ID</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">id</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">Config Path</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">configPath</span> <span class="o">||</span> <span class="dl">""</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">Fix</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">rich_text</span><span class="p">:</span> <span class="p">[{</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">content</span><span class="p">:</span> <span class="nx">fixRecommendation</span> <span class="o">||</span> <span class="dl">""</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">Scan Date</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">date</span><span class="p">:</span> <span class="p">{</span> <span class="na">start</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toISOString</span><span class="p">()</span> <span class="p">}</span> <span class="p">},</span> <span class="p">};</span> <span class="k">if </span><span class="p">(</span><span class="nx">existing</span><span class="p">.</span><span class="nx">results</span><span class="p">.</span><span class="nx">length</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">notion</span><span class="p">.</span><span class="nx">pages</span><span class="p">.</span><span class="nf">update</span><span class="p">({</span> <span class="na">page_id</span><span class="p">:</span> <span class="nx">existing</span><span class="p">.</span><span class="nx">results</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">id</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="nx">props</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2"> ~ </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">serverName</span> <span class="o">+</span> <span class="dl">"</span><span class="s2"> (</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">toolName</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">): </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">id</span> <span class="o">+</span> <span class="dl">"</span><span class="s2"> [</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">severity</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">] -- updated</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">notion</span><span class="p">.</span><span class="nx">pages</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">parent</span><span class="p">:</span> <span class="p">{</span> <span class="na">database_id</span><span class="p">:</span> <span class="nx">databaseId</span> <span class="p">},</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="p">...</span><span class="nx">props</span><span class="p">,</span> <span class="na">Status</span><span class="p">:</span> <span class="p">{</span> <span class="na">select</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Open</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2"> + </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">serverName</span> <span class="o">+</span> <span class="dl">"</span><span class="s2"> (</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">toolName</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">): </span><span class="dl">"</span> <span class="o">+</span> <span class="nx">id</span> <span class="o">+</span> <span class="dl">"</span><span class="s2"> [</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">severity</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">] -- created</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nf">main</span><span class="p">().</span><span class="k">catch</span><span class="p">(</span><span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">);</span> </code></pre> </div> <p>The idempotency check is the part I care about most. Run the scan on Monday, mark three findings as "Fixed" in Notion, run it again on Friday. The Friday run doesn't reset your status flags or create duplicate rows. It updates the scan date on existing findings and creates new ones if any appeared.</p> <p>You can also skip the script entirely and use Notion MCP directly from Claude. Add this to your <code>.mcp.json</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mcpServers"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"notion"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"command"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npx"</span><span class="p">,</span><span class="w"> </span><span class="nl">"args"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"-y"</span><span class="p">,</span><span class="w"> </span><span class="s2">"@notionhq/notion-mcp-server"</span><span class="p">],</span><span class="w"> </span><span class="nl">"env"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"OPENAPI_MCP_HEADERS"</span><span class="p">:</span><span class="w"> </span><span class="s2">"{</span><span class="se">\"</span><span class="s2">Authorization</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="s2">Bearer YOUR_NOTION_TOKEN</span><span class="se">\"</span><span class="s2">}"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Then ask Claude: "Run mcp-scan with --json, then use Notion MCP to create a database with those findings. Each row needs server name, severity, finding description, which AI tool is affected, and the fix recommendation."</p> <p>Claude handles both tools in one shot.</p> <h2> How I Used Notion MCP </h2> <p>The Notion MCP server gives you tools to create pages, query databases, and update properties. That's exactly what this workflow needs.</p> <p>The three things it actually unlocks here:</p> <p><strong>Persistence.</strong> mcp-scan output is ephemeral. You run it, you see it, you close the terminal. Notion MCP writes it to a database that doesn't go away. Each finding has typed properties (severity as a select with color, dates as date fields, paths as text) so you can filter and sort without any extra work.</p> <p><strong>Idempotency.</strong> Before creating a new page, the script queries Notion for any existing entry with the same server name, finding ID, and AI tool. If it exists, it updates instead of creating. This means you can run the scan daily without polluting the database.</p> <p><strong>Remediation tracking.</strong> New findings start as "Open." Your team moves them to "In Progress" or "Fixed" as you work through them. The re-scan doesn't touch the status field on existing entries, so your progress doesn't get wiped.</p> <p>That last point is why I wanted Notion specifically rather than just a CSV. The database is a working backlog, not a report you run once and forget.</p> <p>The setup takes about 10 minutes: create a Notion integration, create the database with the right properties, share it with the integration, set two env vars, done.</p> <p><strong>Try it:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Scan your MCP servers</span> npx mcp-scan@latest <span class="c"># Push findings to Notion</span> npx mcp-scan@latest <span class="nt">--json</span> | <span class="nv">NOTION_API_KEY</span><span class="o">=</span>xxx <span class="nv">NOTION_DATABASE_ID</span><span class="o">=</span>yyy node notion-integration/push-to-notion.js </code></pre> </div> <p>Full setup instructions in the <a href="https://github.com/rodolfboctor/mcp-scan/blob/main/notion-integration/README.md" rel="noopener noreferrer">notion-integration/README.md</a>.</p> devchallenge notionchallenge mcp ai MCP configs are a silent security risk. I built mcp-scan to fix that. A Rodolf Boctor Mon, 23 Mar 2026 17:24:52 +0000 https://dev.to/rodolfboctor/mcp-configs-are-a-silent-security-risk-i-built-mcp-scan-to-fix-that-5akk https://dev.to/rodolfboctor/mcp-configs-are-a-silent-security-risk-i-built-mcp-scan-to-fix-that-5akk <p>MCP (Model Context Protocol) is the new standard for connecting AI assistants to tools. Claude, Cursor, VS Code Copilot, and Windsurf all use it. Millions of developers now have MCP server configs sitting on their machines.</p> <p>Those configs are a mess from a security standpoint.</p> <h2> What goes wrong </h2> <p>Here's what I found looking at real MCP configs:</p> <p><strong>Leaked secrets.</strong> People hardcode GitHub tokens, OpenAI keys, and database credentials directly in the <code>env</code> block. The config file sits in a predictable path with no protection.</p> <p><strong>Typosquatted packages.</strong> The MCP ecosystem is new and the package names are long. <code>@modelcontextprotocol/server-filesystem</code> vs <code>@modeicontextprotocol/server-filesystem</code> - one character difference, easy to miss, potentially malicious.</p> <p><strong>Overly broad permissions.</strong> Filesystem servers configured with <code>/</code> as the allowed path instead of <code>~/projects</code>. One prompt injection later and an AI assistant has read access to your entire machine.</p> <p><strong>Insecure transport.</strong> SSE-based MCP servers running over HTTP instead of HTTPS. Credentials in transit.</p> <h2> What I built </h2> <p><code>mcp-scan</code> is a CLI that scans your MCP server configs and flags these issues. It checks:</p> <ul> <li>API keys, tokens, and other secrets in env vars and args</li> <li>Package names against a typosquatting detection algorithm</li> <li>Filesystem permissions for overly broad access</li> <li>JSON config for missing env vars, malformed structure, injection patterns in args</li> <li>Transport security for SSE servers</li> </ul> <p>Supports Claude Desktop, Cursor, VS Code Copilot, Claude Code, and Windsurf out of the box.</p> <h2> Usage </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx mcp-scan </code></pre> </div> <p>That's it. No install required for a one-off scan.</p> <p>Example output when it finds issues:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Cursor - shady-analytics Config: /Users/rodolf/.cursor/mcp.json HIGH | typosquat-detection | Package 'mcp-analytics-proo' looks suspiciously like official package VS Code - github-leaky Config: /Users/rodolf/.vscode/mcp.json CRITICAL | exposed-secret | Exposed GitHub Token in environment variable 'GITHUB_TOKEN' CRITICAL: 2 servers scanned in 12ms. Critical: 1, High: 1, Medium: 0. </code></pre> </div> <h2> CI/CD integration </h2> <p>You can run it in GitHub Actions to catch issues before they ship:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">run</span><span class="pi">:</span> <span class="s">npx mcp-scan ci</span> </code></pre> </div> <p>Returns exit code 1 if critical or high severity issues are found.</p> <h2> Links </h2> <ul> <li>GitHub: <a href="https://github.com/rodolfboctor/mcp-scan" rel="noopener noreferrer">https://github.com/rodolfboctor/mcp-scan</a> </li> <li>npm: <code>npm install -g mcp-scan</code> </li> </ul> <p>v1.0.1, just shipped. Feedback welcome - open an issue if you find a config pattern it misses.</p> security opensource ai devtools