Show HN: Mcpaudit – static security scanner for MCP servers
Category: security
Tags: security, static-analysis, mcp-server, ai-agents, code-scanner
Score: 7.3/10 (Innovation: 7, Technical: 7, Documentation: 8, Utility: 7)
Mcpaudit is a static security scanner for MCP servers (AI agent plugins) that analyzes source code offline to detect dangerous patterns like command injection, credential leaks, and over-broad permissions before an agent runs untrusted plugins. It fills a real gap in the emerging MCP ecosystem by providing deterministic, CI-friendly security checks with baseline diffing for continuous monitoring.
Target audience: backend devs, devops, ai engineers
Repository: https://github.com/allenwu-blip/mcpaudit · JavaScript · MIT · 1 star