Is io.github.joepangallo/mcp-audit-server safe to use?

io.github.joepangallo/mcp-audit-server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.joepangallo/mcp-audit-server?

io.github.joepangallo/mcp-audit-server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can io.github.joepangallo/mcp-audit-server do?

io.github.joepangallo/mcp-audit-server provides 10 tools: audit_mcp_config, audit_mcp_server, audit_agent_trust, audit_prompt_injection, audit_agent_dataflow and 5 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.joepangallo/mcp-audit-server?

io.github.joepangallo/mcp-audit-server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.joepangallo/mcp-audit-server actively maintained?

io.github.joepangallo/mcp-audit-server is recently maintained — last commit was 65 days ago.

io.github.joepangallo/mcp-audit-server

Thin MCP and CLI proxy for AI agent and MCP security auditing via a hosted backend

10 tools GitHub

No known CVEs

No license

Maintained

Last commit 65d ago

Works with most clients

Transport: stdio

10 tools · ~536 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-joepangallo-mcp-audit-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-joepangallo-mcp-audit-server)](https://mcppedia.org/s/io-github-joepangallo-mcp-audit-server)

Read me

What io.github.joepangallo/mcp-audit-server does

Thin MCP server and CLI proxy for AI agent and MCP security auditing. It connects to a private audit API to analyze MCP configurations, test prompt injection resistance, trace data flows, scan packages, and generate security policies.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~536 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.joepangallo/mcp-audit-server safe to use?: io.github.joepangallo/mcp-audit-server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.joepangallo/mcp-audit-server?: io.github.joepangallo/mcp-audit-server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can io.github.joepangallo/mcp-audit-server do?: io.github.joepangallo/mcp-audit-server provides 10 tools: audit_mcp_config, audit_mcp_server, audit_agent_trust, audit_prompt_injection, audit_agent_dataflow and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.joepangallo/mcp-audit-server?: io.github.joepangallo/mcp-audit-server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.joepangallo/mcp-audit-server actively maintained?: io.github.joepangallo/mcp-audit-server is recently maintained — last commit was 65 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for io.github.joepangallo/mcp-audit-server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-joepangallo-mcp-audit-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-joepangallo-mcp-audit-server)](https://mcppedia.org/s/io-github-joepangallo-mcp-audit-server)

Read me

What io.github.joepangallo/mcp-audit-server does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

mcp-audit-server

This package is a thin proxy. All scan logic lives in a private backend operated by you or your provider.

Managed hosted flow:

set AGENT_SECURITY_API_KEY
the package will automatically target https://audit.leddconsulting.com

Self-hosted or private-network flow:

set AGENT_SECURITY_BASE_URL to your HTTPS API origin
or set AGENT_SECURITY_HOST and AGENT_SECURITY_PORT for a loopback/private deployment

Hosted backend access is not bundled with this package. If you want managed access or a licensed private deployment, contact Ledd Consulting.

Registry and Directories

npm package: ledd-mcp-audit-server
Official MCP Registry name: io.github.joepangallo/mcp-audit-server
Downstream directories such as Glama and PulseMCP should ingest from the official MCP Registry, so you usually do not need separate manual submissions for each site.
Glama authorship claim is optional. It only gives you ownership of the Glama page and access to manual sync and re-scan controls.

Install

npm install ledd-mcp-audit-server

Install package: ledd-mcp-audit-server CLI command after install: mcp-audit-server

This is the public package that should be published to npm and listed in public MCP directories. The audit engine itself stays private.

The old package name mcp-server-agent-security is retired. See MIGRATION.md for upgrade steps and the deprecation plan.

Usage as MCP Server

Add to your MCP client configuration (Claude Desktop, Cursor, etc.):

{
  "mcpServers": {
    "mcp-audit-server": {
      "command": "npx",
      "args": ["-y", "ledd-mcp-audit-server", "--mcp"],
      "env": {
        "AGENT_SECURITY_API_KEY": "your-issued-api-key"
      }
    }
  }
}

For a self-hosted backend, add AGENT_SECURITY_BASE_URL to that same env block.

The server exposes 10 tools over stdio:

Tool	Description
`audit_mcp_config`	Static analysis of MCP config JSON for privilege, auth, transport, and launch risks
`audit_mcp_server`	Active probing of a running MCP server over stdio (requires `AGENT_SECURITY_ADMIN_MODE=1`)
`audit_agent_trust`	Trust audit for tool permissions, execution provenance, secret exposure controls, policy drift, and deployment trust score
`audit_prompt_injection`	Tests a system prompt against a 30+ payload injection catalog
`audit_agent_dataflow`	Traces PII and secret exposure through an agent's tool pipeline
`scan_mcp_package`	Scans an npm MCP package for dependency vulnerabilities and dangerous patterns
`generate_report`	Combines multiple audit results into a composite report with executive summary
`fix_mcp_config`	Auto-remediates config issues: removes unsafe flags, upgrades transport, redacts secrets
`harden_system_prompt`	Appends injection-resistant guardrails to a system prompt
`generate_policy`	Generates an enforceable JSON security policy from an MCP config

Usage as CLI

The CLI forwards commands to the private audit API.

# Hosted quick start
export AGENT_SECURITY_API_KEY=your-issued-api-key

# Audit an MCP configuration file
mcp-audit-server scan-config ./claude_desktop_config.json

# Probe a live MCP server (requires AGENT_SECURITY_ADMIN_MODE=1)
mcp-audit-server scan-server npx -y @modelcontextprotocol/server-filesystem /tmp

# Audit trust posture and policy drift for an agent/MCP deployment
mcp-audit-server scan-trust ./claude_desktop_config.json ./claimed-policy.json

# Scan an npm package for vulnerabilities
mcp-audit-server scan-package @modelcontextprotocol/server-shell

# Test a system prompt for injection vulnerabilities
mcp-audit-server scan-injection ./sy

... [View full README on GitHub](https://github.com/joepangallo/mcp-audit-server#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~536 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.joepangallo/mcp-audit-server safe to use?: io.github.joepangallo/mcp-audit-server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.joepangallo/mcp-audit-server?: io.github.joepangallo/mcp-audit-server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can io.github.joepangallo/mcp-audit-server do?: io.github.joepangallo/mcp-audit-server provides 10 tools: audit_mcp_config, audit_mcp_server, audit_agent_trust, audit_prompt_injection, audit_agent_dataflow and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.joepangallo/mcp-audit-server?: io.github.joepangallo/mcp-audit-server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.joepangallo/mcp-audit-server actively maintained?: io.github.joepangallo/mcp-audit-server is recently maintained — last commit was 65 days ago.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for io.github.joepangallo/mcp-audit-server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?