MCP Audit Docs

VS Code Extension

Use the MCP Audit VS Code extension to scan a developer workspace.

The MCP Audit VS Code extension lets developers scan the current workspace without leaving the editor.

Figure: Local Developer Review Loop. Use the editor extension to fix risky MCP exposure before commit and CI.

Steps shown: Edit Config (mcp.json), Run Scan (VS Code), Problems (findings), Fix (tool config), Re-scan (before commit).

Install from the Visual Studio Marketplace:

ext install batoisystems.mcp-audit-vscode

The extension contributes a workspace scan command, opens a Markdown report in an editor tab, and publishes findings to the VS Code Problems panel.

When To Use It

  • Reviewing local MCP config changes
  • Checking a sample server before connecting an agent
  • Reviewing tool descriptions and side-effect labels
  • Finding hardcoded secrets or broad filesystem access before commit

For CI and release gating, use the CLI or GitHub Action.
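
The following is an added example, not part of MCP Audit or its documentation, of the kind of local check the last list item describes: flagging hardcoded secrets and broad filesystem roots in an mcp.json before commit. The rule names, the secret-name pattern, the broad-path list, and the sample config (constructed, in the VS Code "servers" layout) are assumptions for illustration and do not reflect the extension's actual rules.

```python
import json
import re

# Constructed sample config: one over-broad filesystem server, one literal
# secret, and one server that uses the safer patterns for comparison.
SAMPLE_MCP_JSON = """
{
  "servers": {
    "files": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]
    },
    "tickets": {
      "command": "node",
      "args": ["server.js"],
      "env": {"API_TOKEN": "EXAMPLE-not-a-real-token-0000", "REGION": "eu"}
    },
    "notes": {
      "command": "node",
      "args": ["notes.js", "${workspaceFolder}/docs"],
      "env": {"API_TOKEN": "${input:notes-token}"}
    }
  }
}
"""

# Assumed heuristics (illustrative only).
SECRET_NAME = re.compile(r"token|secret|passw(or)?d|api[_-]?key", re.I)
VARIABLE_REF = re.compile(r"^\$\{[^}]+\}$")   # e.g. ${input:notes-token}
BROAD_PATHS = {"/", "~", "$HOME", "${userHome}", "C:\\", "C:/"}

def review_mcp_config(text):
    """Return (server, rule, detail) tuples; secret values are never echoed."""
    findings = []
    servers = json.loads(text).get("servers", {})
    for name, cfg in sorted(servers.items()):
        for key, value in sorted(cfg.get("env", {}).items()):
            literal = isinstance(value, str) and value and not VARIABLE_REF.match(value)
            if SECRET_NAME.search(key) and literal:
                findings.append((name, "hardcoded-secret", key))
        for arg in cfg.get("args", []):
            if arg in BROAD_PATHS:
                findings.append((name, "broad-filesystem", arg))
    return findings

if __name__ == "__main__":
    for server, rule, detail in review_mcp_config(SAMPLE_MCP_JSON):
        print(f"{server}: {rule} ({detail})")
```

The "notes" server passes because its token is a variable reference resolved at run time and its path is scoped to a workspace subfolder.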

Extension vs CLI

Use the extension when | Use the CLI when
A developer is editing local MCP files. | A repeatable script or CI job is needed.
Findings should appear in the Problems panel. | SARIF, JSON, SBOM, or Guard evidence is required.
The goal is quick feedback before commit. | The goal is release evidence or branch protection.