Is Mcp Security Audit safe to use?

Mcp Security Audit has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Security Audit?

Mcp Security Audit supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp Security Audit?

Mcp Security Audit is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Mcp Security Audit actively maintained?

Mcp Security Audit is less actively maintained — last commit was 316 days ago. It has 53 GitHub stars.

Mcp Security Audit

Name: Mcp Security Audit
Author: qianniuspace

@qianniuspace/mcp-security-audit · by qianniuspace

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

53 0 tools GitHub npm

No known CVEs

MIT license

Stale

Last commit 316d ago

Works with most clients

Transport: stdio, http

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-security-audit": {
      "args": [
        "-y",
        "mcp-security-audit"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-security-audit)](https://mcppedia.org/s/mcp-security-audit)

Read me

What Mcp Security Audit does

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

50/100across 5 weighted dimensions

How we score →

0255075100

−50

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @qianniuspace/mcp-security-audit against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Security Audit safe to use?: Mcp Security Audit has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Security Audit?: Mcp Security Audit supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Security Audit?: Mcp Security Audit is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Security Audit actively maintained?: Mcp Security Audit is less actively maintained — last commit was 316 days ago. It has 53 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.6k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Security Audit and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-security-audit": {
      "args": [
        "-y",
        "mcp-security-audit"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-security-audit)](https://mcppedia.org/s/mcp-security-audit)

Read me

What Mcp Security Audit does

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

Security Audit Tool

A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

Features

🔍 Real-time security vulnerability scanning
🚀 Remote npm registry integration
📊 Detailed vulnerability reports with severity levels
🛡️ Support for multiple severity levels (critical, high, moderate, low)
📦 Compatible with npm/pnpm/yarn package managers
🔄 Automatic fix recommendations
📋 CVSS scoring and CVE references

Installing via Smithery

To install Security Audit Tool for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude

MCP Integration

Option 1: Using NPX (Recommended)

Add MCP configuration to Cline /Cursor:

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "mcp-security-audit"]
    }
  }
}

Option 2: Download Source Code and Configure Manually

Clone the repository:

git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit

Install dependencies and build:

npm install
npm run build

Add MCP configuration to Cline /Cursor :

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
    }
  }
}

Configuration Screenshots

Cursor Configuration

Cline Configuration

API Response Format

The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references.

Response Examples

1. When Vulnerabilities Found (Severity-response.json)

{
  "content": [{
    "vulnerability": {
      "packageName": "lodash",
      "version": "4.17.15",
      "severity": "high",
      "description": "Prototype Pollution in lodash",
      "cve": "CVE-2020-8203",
      "githubAdvisoryId": "GHSA-p6mc-m468-83gw",
      "recommendation": "Upgrade to version 4.17.19 or later",
      "fixAvailable": true,
      "fixedVersion": "4.17.19",
      "cvss": {
        "score": 7.4,
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
      },
      "cwe": ["CWE-1321"],
      "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw"
    },
    "metadata": {
      "timestamp": "2024-04-23T10:00:00.000Z",
      "packageManager": "npm"
    }
  }]
}

2. When No Vulnerabilities Found (no-Severity-response.json)

{
  "content": [{
    "vulnerability": null,
    "metadata": {
      "timestamp": "2024-04-23T10:00:00.000Z",
      "packageManager": "npm",
      "message": "No known vulnerabilities found"
    }
  }]
}

Development

For development reference, check the example response files in the public directory:

Severity-response.json : Example response when vulnerabilities are found (transformed from npm audit API response)
no-Severity-response.json : Example response when no vulnerabilities are found (transformed from npm audit API response)

Note: The example responses shown above are transformed from the raw npm audit API responses to provide

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

50/100across 5 weighted dimensions

How we score →

0255075100

−50

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @qianniuspace/mcp-security-audit against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Security Audit safe to use?: Mcp Security Audit has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Security Audit?: Mcp Security Audit supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Security Audit?: Mcp Security Audit is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Security Audit actively maintained?: Mcp Security Audit is less actively maintained — last commit was 316 days ago. It has 53 GitHub stars.