I built an open-source security scanner for MCP server configurations

The Problem

MCP (Model Context Protocol) servers are becoming the backbone of AI agent tooling — but their configurations are a security minefield. In the last three months alone, 30+ CVEs were filed against MCP implementations, and research shows that 66% of 1,808 scanned MCP servers had security findings.

The scariest part? More capable models are more vulnerable to tool poisoning attacks. OpenAI's o1-mini showed a 72.8% success rate for tool poisoning, and with just 5 connected servers, attack success rates hit 78% (Palo Alto research).

What agent-audit Does

agent-audit is a CLI tool that scans your MCP server configurations for security issues before attackers find them.

npx agent-audit ~/Library/Application\ Support/Claude/claude_desktop_config.json

It checks for:

• Prompt injection in tool descriptions (the #1 OWASP Agentic AI risk)
• Command injection via shell execution tools
• Hardcoded secrets in configs (AWS keys, API tokens)
• Excessive permissions (filesystem access, network exposure)
• Auth bypass patterns

Every finding maps to the OWASP Agentic AI Top 10 with actionable fix recommendations.

Example Output

────────────────────────────────────────────────────────────
agent-audit — MCP Security Scanner
────────────────────────────────────────────────────────────
Target:    claude_desktop_config.json
Duration:  4ms
────────────────────────────────────────────────────────────

[1] 🔴 CRITICAL
    Classic instruction override in tool description
    Rule: prompt-injection/tool-description
    Location: file-manager → tools.read_file.description
    OWASP: A01:2025 - Prompt Injection

    ▶ Fix: Review tool description. Remove instruction-like language.

[2] 🟠 HIGH
    Secret value hardcoded in MCP server config
    Rule: auth-bypass/env-secret-in-config
    Location: file-manager → env.AWS_ACCESS_KEY_ID
    OWASP: A07:2025 - Insecure Credential Storage

    ▶ Fix: Use $MY_SECRET shell references instead of hardcoded values.

Programmatic API

import { scan, parseClaudeDesktopConfig } from "agent-audit";

const servers = parseClaudeDesktopConfig("/path/to/config.json");
const result = await scan(servers, "my-app");

console.log(result.summary);
// { critical: 0, high: 2, medium: 1, low: 3, info: 0 }

Why This Matters Now

RSAC 2026 made MCP security a major theme. Snyk launched agent-scan, NVIDIA shipped NemoClaw (11-layer agent firewall), and Check Point is deploying IPS signatures for MCP CVEs. The ecosystem is waking up to the fact that agent tooling needs the same security scrutiny we give to dependencies and infrastructure.

agent-audit is open source (MIT), zero dependencies beyond the scanner itself, and runs in milliseconds. It's built by AgentLair — persistent identity, email, and credential vault for AI agents.

Try it: npx agent-audit your-config.json

GitHub: github.com/piiiico/agent-audit
npm: @piiiico/agent-audit

---

What security issues have you run into with MCP servers? I'd love to hear about patterns I should add detection rules for.