⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

🔐 Security & Audit

Mcpsecv1.0.4

Name: Mcpsec
Author: pfrederiksen

mcpsec

pfrederiksen

Scan MCP server configuration files for security vulnerabilities using mcpsec (OWASP MCP Top 10). Use when: auditing MCP tool configs for prompt injection, h...

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

142

Stars

CreatedMar 26, 2026

UpdatedMar 26, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install pfrederiksen/mcpsec

Skill Package3 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

B60/100

Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation4/35

· 142 downloads (low demand)
· No tracked installs (may still have real users via manual install)

Documentation20/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Contains usage examples or trigger description
· Detailed summary

Package Completeness11/15

· skillAssets present (2 files)

Security Analysis

💙 Low Risk

SUSPICIOUS_PERMISSIONSmedium

Accesses system directories or attempts privilege escalation

sudo mv

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://github.com/pfrederiksen/mcpsec/releases/download/v1.0.0/checksums.txt

Audited Apr 17, 2026 · audit v1.0

💡

Usage Guide

Generated May 7, 2026

Security engineers auditing MCP configurationsDevelopers using MCP-based AI agentsDevOps teams integrating security scans in CI/CDbeginner

💡 Application Scenarios

Automated Security Audit of MCP ConfigurationsCybersecurity

A security team regularly scans all MCP server configuration files across developer workstations to detect OWASP MCP Top 10 vulnerabilities. This ensures early detection of hardcoded secrets, missing authentication, and excessive permissions before deployment.

CI/CD Pipeline Security Gate for MCP ToolsDevOps

Integrate mcpsec into a CI/CD pipeline to automatically scan MCP configuration files as part of the build process. Any critical or high-severity findings can block the pipeline, preventing insecure configurations from reaching production.

Compliance Auditing for AI Agent DeploymentsEnterprise IT

Organizations deploying AI agents with MCP tools use mcpsec to demonstrate compliance with internal security policies or regulatory standards. The JSON output can be fed into a SIEM or dashboard for continuous monitoring.

Developer Self-Service Security ScanSoftware Development

Developers can run mcpsec locally before committing MCP configuration files to version control. The quiet mode is ideal for pre-commit hooks, notifying only when issues are found.

💼 Business Models

Security Consulting Add-OnPer-engagement fees, subscription for continuous monitoring

Offer mcpsec scanning as a value-added service during security audits of AI agent deployments. Generate reports with severity levels to justify remediation efforts.

Managed Security Service Provider (MSSP) OfferingMonthly subscription per client based on number of endpoints

Incorporate mcpsec into a managed security service that monitors MCP configurations for clients. Automate scanning and provide alerts for new vulnerabilities.

DevOps Toolchain Integration PlatformFlat licensing fee per user or per organization

Build a platform that integrates mcpsec with other DevOps tools (e.g., Jira, Slack) to automatically create tickets for security findings. Charge for the integration and analytics layer.

💬 Integration Tip

Ensure the mcpsec binary is on the system PATH and Python 3.10+ is available. For CI/CD, use the JSON output format for easy parsing.