Metadata-Version: 2.4
Name: mcp-audit-cli
Version: 0.1.0
Summary: Automated security scanner and grading CLI for MCP servers.
Author-email: Hal <hal@hal.dev>
License-Expression: MIT
Keywords: mcp,security,scanner,audit,sarif
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Testing
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.0
Requires-Dist: rich>=13.0
Requires-Dist: pydantic>=2.0
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == "dev"
Requires-Dist: pytest-cov>=5; extra == "dev"
Requires-Dist: ruff>=0.6; extra == "dev"
Provides-Extra: pretty
Requires-Dist: rich>=13; extra == "pretty"
Dynamic: license-file

# MCPaudit

Automated security scanner + grading system for Model Context Protocol (MCP)
servers.

MCPaudit gives teams a fast A-F risk grade, concrete findings, and machine-readable
output before an MCP server is wired into an agent workflow. The free OSS CLI is the
trust builder; the natural paid tier is registry monitoring, scheduled scans,
historical grades, dashboards, and policy gates for CI/procurement review.

## Quick Start

```bash
pip install mcp-audit-cli

mcp-audit scan ./path/to/mcp-server
mcp-audit scan https://example.com/mcp --format json
mcp-audit scan ./server --format sarif --output mcp-audit.sarif
```

The legacy `mcpaudit` command is kept as a compatibility alias for the original
detector framework.

## Why It Exists

MCP servers turn tools, files, prompts, and APIs into model-accessible capabilities.
That exposes the server's security posture at the model layer: weak auth, broad
file access, tool poisoning, leaked secrets, unsafe command execution, and
permissive network settings all become part of an agent's blast radius.

MCPaudit is built to make that risk obvious early.

## Vulnerability Coverage

The repository includes a 30-class CVE-style threat model and an MVP scanner with
15 MCP-focused checks:

- unauthenticated HTTP transports
- wildcard CORS
- plaintext HTTP endpoints
- hardcoded secrets
- command injection sinks
- shell execution
- path traversal
- broad filesystem access
- unsafe deserialization
- prompt or tool poisoning markers
- over-broad tool descriptions
- missing rate limiting
- debug mode enabled
- server/version disclosure
- missing audit logging

## Output Formats

- `table` / `terminal`: human-readable report with grade and findings
- `json`: stable JSON for dashboards and CI
- `sarif`: GitHub code scanning compatible output
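
A CI gate over the `sarif` output, as an added example that is not part of MCPaudit: it reads a SARIF 2.1.0 file such as the `mcp-audit.sarif` written in Quick Start and fails when any result is at or above a chosen level, resolving omitted levels the way the SARIF spec defines. The function names `gate` and `effective_level`, the rule ids, and the paths in the sample are assumptions made for illustration.

```python
import json
import sys
from pathlib import Path

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}  # SARIF 2.1.0 result levels

def effective_level(result, rules):
    """Resolve the level as SARIF 2.1.0 defines it when the result omits it."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def gate(sarif, fail_on="error"):
    """Return (passed, blocking); blocking holds (level, rule id, location) tuples."""
    blocking = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for result in run.get("results", []):
            level = effective_level(result, rules)
            if RANK.get(level, RANK["error"]) < RANK[fail_on]:  # unknown level fails closed
                continue
            loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            blocking.append((level, result.get("ruleId", "<no-rule>"), f"{uri}:{line}"))
    return (not blocking, blocking)

# Constructed sample (hypothetical rule ids and paths); result 2 inherits its rule's level.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX-SECRET", "defaultConfiguration": {"level": "error"}}]}},
    "results": [
        {"ruleId": "EX-CORS", "level": "warning", "message": {"text": "wildcard CORS"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "server/app.py"}, "region": {"startLine": 12}}}]},
        {"ruleId": "EX-SECRET", "message": {"text": "hardcoded secret"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "server/config.py"}, "region": {"startLine": 3}}}]},
    ]}]}

if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text("utf-8")) if len(sys.argv) > 1 else SAMPLE
    passed, blocking = gate(doc)
    print("\n".join(f"{lv}: {rid} at {loc}" for lv, rid, loc in blocking) or "gate passed")
    sys.exit(0 if passed else 1)
```

Run with a SARIF path as the only argument, the script exits non-zero when the gate fails, so it can sit directly after the scan step in a pipeline.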

## Architecture

```text
mcpaudit/
├── src/mcpaudit/           # Original Click/Rich detector framework
├── src/mcp_audit/          # Local-first CLI scanner and SARIF/JSON renderer
├── docs/threat-model.md    # Full vulnerability taxonomy narrative
├── docs/vulnerability-taxonomy.schema.json
├── docs/vulnerability-taxonomy.json
├── tests/                  # Detector and CLI scanner tests
└── pyproject.toml
```

## Grading

Findings are weighted by severity and converted into an A-F grade:

- `A`: no material findings
- `B`: low risk
- `C`: moderate risk
- `D`: high risk
- `F`: critical or severe accumulated risk

## Selling Angle

Suggested first buyer: security-conscious teams adopting MCP internally who need a
quick risk signal before allowing new servers into agent environments.

Paid tier wedge:

- registry monitoring for public/private MCP servers
- scheduled scans and drift alerts
- historical grades per server
- team dashboards and SARIF ingestion
- policy gates for CI and procurement review

## Development

```bash
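python -m venv .venv
# Activate the environment so the install stays out of the system interpreter
source .venv/bin/activate
pip install -e ".[dev]"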
pytest
ruff check .
mcp-audit scan tests --format sarif --output mcp-audit.sarif
```

## Roadmap

- [x] v0.1 - Bootstrap + threat model
- [x] v0.2 - Core detection engine MVP
- [x] v0.3 - CLI MVP with JSON and SARIF
- [ ] v0.4 - Package publishing and launch assets
- [ ] v0.5 - Cloud registry proof of concept

## License

MIT
