MCP Security Audit

Audit MCP server configurations for security issues — secrets exposure, shell injection, unpinned dependencies, and unapproved servers.

Overview

MCP servers give agents direct tool access to external systems. A misconfigured .mcp.json can expose credentials, allow shell injection, or connect to untrusted servers. This skill catches those issues before they reach production.

.mcp.json → Parse Servers → Check Each Server:
  1. Secrets in args/env?
  2. Shell injection patterns?
  3. Unpinned versions (@latest)?
  4. Dangerous commands (eval, bash -c)?
  5. Server on approved list?
→ Generate Report

When to Use
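The five checks listed under Overview, sketched in Python as an added example (this is not the skill's own code). It assumes a `.mcp.json` with a top-level `mcpServers` object whose entries carry `command`, `args` and `env`; the regexes, the approved list keyed by server name, and the sample config are constructed for illustration.

```python
import json
import os
import re

# Heuristics assumed for this example; tune them for your environment.
SECRET_NAME = re.compile(r"(token|secret|passw(or)?d|api[_-]?key)", re.I)
ENV_REF = re.compile(r"^\$\{\w+\}$")      # ${VAR} reference, not a literal value
SHELL_META = re.compile(r"[;|&`]|\$\(")   # chaining, pipes, command substitution
SHELLS = {"sh", "bash", "zsh", "cmd", "powershell", "pwsh"}

def audit_mcp_config(text, approved):
    """Run the five checks over a .mcp.json document; return (server, check, detail) tuples."""
    findings = []
    for name, cfg in json.loads(text).get("mcpServers", {}).items():
        cmd = os.path.basename(cfg.get("command", ""))
        args = [str(a) for a in cfg.get("args", [])]
        # 1. Secrets: literal values under secret-looking env names or key=value args.
        for key, val in cfg.get("env", {}).items():
            if SECRET_NAME.search(key) and not ENV_REF.match(str(val)):
                findings.append((name, "secret", f"env {key} holds a literal value"))
        if any("=" in a and SECRET_NAME.search(a.split("=", 1)[0]) for a in args):
            findings.append((name, "secret", "credential passed in args"))
        # 2. Shell injection patterns in any argument.
        if any(SHELL_META.search(a) for a in args):
            findings.append((name, "shell-injection", "shell metacharacters in args"))
        # 3. Unpinned versions: @latest, or an npx package with no @version suffix.
        pkgs = [a for a in args if not a.startswith("-")][:1] if cmd == "npx" else []
        if any(a.endswith("@latest") for a in args) or any(p.rfind("@") <= 0 for p in pkgs):
            findings.append((name, "unpinned", "package version is not pinned"))
        # 4. Dangerous commands: eval, or a shell invoked with -c.
        if cmd == "eval" or "eval" in args or (cmd in SHELLS and "-c" in args):
            findings.append((name, "dangerous-command", f"{cmd} runs a command string"))
        # 5. Approved list (assumed here to be keyed by server name).
        if name not in approved:
            findings.append((name, "unapproved", "server is not on the approved list"))
    return findings

# Constructed sample config; server names, packages and values are illustrative.
SAMPLE = json.dumps({"mcpServers": {
    "files": {"command": "npx", "args": ["-y", "example-files-mcp@1.4.2", "/srv/data"]},
    "tickets": {"command": "npx", "args": ["-y", "example-tickets-mcp@latest"],
                "env": {"TICKETS_API_KEY": "constructed-literal-value"}},
    "helper": {"command": "bash", "args": ["-c", "ls /tmp; echo done"]},
    "search": {"command": "npx", "args": ["-y", "@example/search-mcp@2.0.1"],
               "env": {"SEARCH_TOKEN": "${SEARCH_TOKEN}"}},
}})

if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE, approved={"files", "tickets", "search"}):
        print(*finding, sep=": ")
```

The `files` and `search` entries pass cleanly: both pin an exact version, and `search` takes its token from a `${VAR}` reference rather than a literal.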