MCP Audit Docs

MCP Audit

Security auditing and policy checks for Model Context Protocol servers and agent toolchains.

Start Reading Open MCP Audit GitHub
On this page

MCP Audit

MCP Audit is an open source security auditing tool for Model Context Protocol servers and agent toolchains.

Use it before connecting an MCP server to an AI agent. It inspects local MCP configurations, exposed tools, resources, prompts, launch commands, transport settings, policy posture, and common data-exfiltration risks.

MCP Audit Review Boundary Inspect local MCP surfaces before an agent receives tool access. Project Inputs MCP configs Server launchers Package scripts Docker Compose MCP Audit Scanner stages Discovery Risk checks Policy evaluation Review Outputs Findings SARIF SBOM Guard evidence Discovery only until a reviewer chooses an action

Why MCP Audit Exists

MCP servers can expose files, commands, databases, browsers, cloud systems, and internal APIs to an agent. A configuration that looks convenient in development can become risky when connected to an autonomous workflow.

MCP Audit gives teams a repeatable review boundary before those tools are enabled. It checks what is exposed, how it is launched, whether policy controls are present, and what evidence should be retained.

What It Does Not Do

  • It does not replace application security testing.
  • It does not approve an MCP server for production by itself.
  • It does not execute tools during normal scans.
  • Runtime probe mode is discovery-only and should be used with the same care as any local server interaction.

Where It Fits

Use MCP Audit during local development, pull request review, CI checks, and release evidence collection. For governed Batoi workflows, its Guard evidence output can support platform review and audit trails.

What It Checks

  • MCP client and server configuration files
  • Exposed tools, resources, prompts, and risky descriptions
  • Broad filesystem access and sensitive home-directory paths
  • Shell command launchers and unsafe command patterns
  • Hardcoded secrets and auth gaps
  • HTTP and stdio MCP discovery posture
  • Policy files, suppressions, and custom rules
  • SBOM and provenance evidence
  • Markdown, JSON, SARIF, and Batoi Guard evidence output

Public Repository

Source code is available at github.com/batoisystems/mcp-audit.

Start Here

  • Read the getting started guide to run the first scan.
  • Add policy files for organization-specific controls.
  • Export SARIF for code scanning or Batoi Guard evidence for governance records.
  • Use the VS Code extension when developers need a local workspace scan.