MCP security scanner · Rust
mcp-audit
MCP server configs ship with secrets, command-injection, and path-traversal risks no one checks.
What I built
A fast local Rust scanner implementing all 10 OWASP MCP Top 10 checks (regex exec-pattern matching, shell-metacharacter and path-traversal heuristics, secret detection) over Claude Code and Cursor config formats, emitting structured findings with severities. Verified to produce input-driven (not hardcoded) findings.
Stack
Rust · OWASP MCP · regex · walkdir
Status
Working scanner; maps findings to OWASP MCP Top 10.
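The shell-metacharacter, path-traversal and secret heuristics described under "What I built", as an added example that is not mcp-audit's own code. The `Server` struct (an in-memory stand-in for one `mcpServers` entry with `command`, `args` and `env`), the check names, severities and thresholds are assumptions, and it uses plain string matching from the standard library in place of the regex crate.

```rust
// Added example: heuristic checks over one MCP server entry (std only, constructed data).
#[derive(Debug, PartialEq, Clone, Copy)]
enum Severity { Medium, High, Critical }
#[derive(Debug)]
struct Finding { server: String, check: &'static str, severity: Severity, detail: String }
// Hypothetical in-memory form of one `mcpServers` entry.
struct Server<'a> { name: &'a str, command: &'a str, args: Vec<&'a str>, env: Vec<(&'a str, &'a str)> }
const SHELLS: [&str; 4] = ["sh", "bash", "zsh", "cmd"];
const META: [char; 7] = [';', '|', '&', '`', '$', '>', '<'];
const SECRET_HINTS: [&str; 4] = ["KEY", "TOKEN", "SECRET", "PASSWORD"];

fn looks_like_literal_secret(name: &str, value: &str) -> bool {
    let upper = name.to_uppercase();
    // A `${VAR}` reference is resolved at launch time and is not a stored secret.
    let is_reference = value.starts_with("${") && value.ends_with('}');
    SECRET_HINTS.iter().any(|h| upper.contains(h)) && value.len() >= 16 && !is_reference
}

fn scan(s: &Server) -> Vec<Finding> {
    let mut out = Vec::new();
    let mut add = |check: &'static str, severity: Severity, detail: String| {
        out.push(Finding { server: s.name.to_string(), check, severity, detail });
    };
    let base = s.command.rsplit('/').next().unwrap_or(s.command);
    let via_shell = SHELLS.iter().any(|sh| *sh == base);
    for arg in &s.args {
        if arg.chars().any(|c| META.contains(&c)) {
            // Metacharacters only take effect when a shell interprets the argument.
            let sev = if via_shell { Severity::Critical } else { Severity::Medium };
            add("shell-metacharacter", sev, format!("arg {:?}", arg));
        }
        if arg.split(|c: char| c == '/' || c == '\\').any(|part| part == "..") {
            add("path-traversal", Severity::High, format!("arg {:?}", arg));
        }
    }
    for (k, v) in &s.env {
        if looks_like_literal_secret(k, v) {
            // Report the variable name only; never echo the value into findings.
            add("hardcoded-secret", Severity::High, format!("env {}", k));
        }
    }
    out
}

fn main() {
    // Constructed entry, not taken from any real configuration.
    let s = Server { name: "files", command: "/bin/sh", args: vec!["-c", "node srv.js --root ../../etc; id"], env: vec![("API_TOKEN", "constructed-value-0123456789")] };
    for f in scan(&s) { println!("{:?}", f); }
}
```

The severity of a metacharacter finding depends on whether the entry's `command` is itself a shell, which is what makes the finding input-driven.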