mcpsec-skill
Scan MCP server configuration files for security vulnerabilities using mcpsec (OWASP MCP Top 10). Use when: auditing MCP tool configs for prompt injection, h...
Install via ClawdBot CLI:
clawdbot install pfrederiksen/mcpsec-skill
Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Accesses system directories or attempts privilege escalation
    sudo mv
Calls external URL not in known-safe list
    https://github.com/pfrederiksen/mcpsec/releases/download/v1.0.0/checksums.txt
AI Analysis
The skill's primary function is read-only security scanning of local config files, and it provides explicit checksum verification for its external binary. However, the installation command uses sudo to move a downloaded binary to /usr/local/bin, which could be exploited if the download is compromised, and it fetches from an external GitHub URL not on a pre-approved list.
Audited Apr 16, 2026 · audit v1.0
Generated Mar 21, 2026
A software development team using MCP servers for AI tool integration needs to regularly audit their configuration files for vulnerabilities like hardcoded secrets or excessive permissions before deploying to production. This skill automates scanning across tools like Claude Desktop and VS Code, ensuring compliance with security policies and preventing data breaches.
A financial institution leveraging MCP for AI-driven analytics must adhere to strict regulatory standards (e.g., GDPR, PCI-DSS) by detecting insecure transport or missing authentication in configs. This skill helps automate periodic audits, reducing manual effort and mitigating risks of unauthorized access or data leaks in sensitive environments.
A healthcare provider using MCP servers to integrate AI tools for patient data analysis needs to ensure config files do not contain vulnerabilities like prompt injection or hardcoded secrets that could compromise PHI. This skill scans for OWASP MCP Top 10 risks, supporting HIPAA compliance and safeguarding sensitive health information.
A university's IT department trains students on secure AI development practices by using this skill to scan MCP configs in lab environments. It helps identify common vulnerabilities like missing input validation, providing hands-on experience in security auditing and reinforcing best practices for future developers.
A cybersecurity consulting firm uses this skill to assess clients' MCP server configurations during security engagements, quickly identifying issues such as insecure transport or excessive permissions. It streamlines reporting with JSON output, enabling efficient risk analysis and tailored recommendations for remediation.
Integrate this skill into a cloud-based security platform that offers continuous monitoring and vulnerability scanning for MCP configurations. Revenue is generated through subscription fees from enterprises seeking automated compliance and real-time alerts on security risks in their AI toolchains.
Offer this skill as part of a managed service where security experts conduct regular audits of clients' MCP setups, providing detailed reports and remediation support. Revenue comes from service contracts and retainer fees, targeting organizations lacking in-house security expertise.
Provide paid support, customization, and training for this open-source skill, helping clients integrate it into their specific workflows or extend its capabilities. Revenue is earned through consulting fees, workshops, and premium support packages for businesses adopting MCP technologies.
💬 Integration Tip
Ensure the mcpsec binary is installed and on PATH before use, and verify checksums for supply chain security as outlined in the documentation to prevent tampering.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic and detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.