
Created 5/5/2026

MCP Agent Security Kit

Practical audit tools, threat models, and control templates for securing Model Context Protocol (MCP) servers and agentic AI tool access.

AI agents are moving from chat interfaces into systems that can read files, call APIs, query databases, trigger workflows, and act with user or service credentials. MCP makes that integration easier, but it also turns tool configuration into a security boundary. This project helps teams review that boundary before agents are connected to sensitive systems.

What This Repository Provides

  • A dependency-free Python CLI that audits MCP server configuration files.
  • Detection rules for risky local commands, unpinned package runners, secret exposure, unencrypted remote servers, missing auth, broad filesystem access, and dangerous execution flags.
  • Safe and risky MCP configuration examples for testing.
  • A threat model for MCP and agentic tool access.
  • A control matrix aligned to agentic AI security, identity, logging, and governance concerns.
  • A practical launch checklist for teams piloting AI agents.

Why This Topic Matters Now

Agentic AI and MCP security are becoming high-priority security topics because agents can combine natural-language instructions with real system authority. Current guidance and research emphasize the same themes:

  • OWASP published the Top 10 for Agentic Applications 2026, covering risks such as goal hijacking, tool misuse, unexpected code execution, insecure inter-agent communication, and agentic supply chain exposure.
  • NIST continues to operationalize the AI Risk Management Framework and Generative AI Profile for real-world governance, testing, and monitoring.
  • MCP adoption is expanding across AI tools, which increases the importance of secure tool configuration, authentication, and least privilege.
  • Recent MCP security research highlights risks from prompt injection, tool poisoning, unsafe local execution, and over-privileged tool access.

Quick Start

Install the repository locally:

python -m pip install -e .

Run the audit tool:

python -m mcp_agent_security_kit.audit examples/mcp-config-risky.json

Write a Markdown report:

python -m mcp_agent_security_kit.audit examples/mcp-config-risky.json --output reports/mcp-audit.md

Fail a pipeline when high-risk findings exist:

python -m mcp_agent_security_kit.audit examples/mcp-config-risky.json --fail-on high

After installation, the same audit is available as a console script:

mcp-agent-audit examples/mcp-config-risky.json --format json

Supported Configuration Shapes

The auditor supports common MCP configuration layouts:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
    }
  }
}

It also handles top-level server maps and remote server entries with url, headers, and env fields.

Detection Rules

| Rule | Risk |
| --- | --- |
| MCP-001 | Remote MCP server uses unencrypted HTTP |
| MCP-002 | Remote MCP server has no clear authentication signal |
| MCP-003 | Secret-like values are configured inline in environment variables |
| MCP-004 | Package runner is used without an obvious package version pin |
| MCP-005 | Shell or evaluator command can execute arbitrary code |
| MCP-006 | Dangerous execution flags are present |
| MCP-007 | Broad filesystem access is granted |
| MCP-008 | Docker configuration uses privileged or host-level access |
| MCP-009 | Server has no visible owner or risk owner metadata |
| MCP-010 | Filesystem-like tool lacks a read-only signal |
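As an added illustration of how a handful of these rules can be applied to the configuration shapes shown above, the following is example code written for this page, not the project's own audit.py: the sample config, the regexes, the shell and runner lists, and the `fails_threshold` gate are all my own assumptions about how such checks could work.

```python
import re

# Constructed sample config (not from the project's examples/ directory); the
# token value is a placeholder, not a real credential.
SAMPLE_CONFIG = {
    "mcpServers": {
        "filesystem": {"command": "npx",
                       "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
        "shell": {"command": "bash", "args": ["-c"]},
        "github": {"command": "npx",
                   "args": ["-y", "@modelcontextprotocol/server-github@2025.4.8"],
                   "env": {"GITHUB_TOKEN": "ghp_PLACEHOLDER_NOT_A_REAL_TOKEN"}},
        "remote": {"url": "http://mcp.internal.example/sse", "headers": {}},
    }
}

SHELLS = {"bash", "sh", "zsh", "cmd", "cmd.exe", "powershell", "pwsh", "eval"}
RUNNERS = {"npx", "uvx", "pipx"}
SECRET_KEY = re.compile(r"token|secret|password|api[_-]?key", re.I)
SEVERITY = ["low", "medium", "high", "critical"]

def audit(config):
    """Return (severity, rule, server, finding) tuples for each risky entry."""
    servers = config.get("mcpServers", config)  # also accept a top-level server map
    findings = []
    for name, spec in servers.items():
        url, cmd, args = spec.get("url", ""), spec.get("command", ""), spec.get("args", [])
        if url.startswith("http://"):
            findings.append(("high", "MCP-001", name, "remote server uses unencrypted HTTP"))
        if url and "authorization" not in {k.lower() for k in spec.get("headers", {})}:
            findings.append(("high", "MCP-002", name, "remote server has no Authorization header"))
        for key, value in spec.get("env", {}).items():
            # A literal value is inline; "${VAR}" style references defer to the environment.
            if SECRET_KEY.search(key) and not str(value).startswith("${"):
                findings.append(("high", "MCP-003", name, f"secret-like value inline in {key}"))
        if cmd in RUNNERS:
            pkg = next((a for a in args if not a.startswith("-")), "")
            # Scoped names begin with '@'; a version pin needs a second '@' after the name.
            if "@" not in pkg.lstrip("@"):
                findings.append(("medium", "MCP-004", name, f"{cmd} package {pkg!r} has no version pin"))
        if cmd in SHELLS:
            findings.append(("critical", "MCP-005", name, "shell command can execute arbitrary code"))
        if "filesystem" in " ".join([cmd, *args]) and any(a in ("/", "~", "C:\\") for a in args):
            findings.append(("high", "MCP-007", name, "filesystem root is exposed to the agent"))
    return findings

def fails_threshold(findings, level):
    """CI gate in the spirit of --fail-on: True if any finding is at or above `level`."""
    return any(SEVERITY.index(s) >= SEVERITY.index(level) for s, *_ in findings)
```

On the sample above, `audit` reports six findings (the pinned github package passes MCP-004, its inline token does not pass MCP-003) and `fails_threshold(findings, "high")` returns True, which is the behaviour a pipeline gate wants.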

Example Output

# MCP Agent Security Audit

Risk score: 82 / 100

| Severity | Rule | Server | Finding |
| --- | --- | --- | --- |
| critical | MCP-005 | shell | Shell or evaluator command can execute arbitrary code |
| high | MCP-003 | github | Secret-like environment variable is configured inline |
| medium | MCP-004 | filesystem | Package runner is used without an obvious package version pin |

Repository Map

| Path | Purpose |
| --- | --- |
| src/mcp_agent_security_kit/audit.py | MCP configuration audit CLI |
| examples/mcp-config-risky.json | Intentionally risky sample configuration |
| examples/mcp-config-safer.json | Safer sample configuration |
| docs/threat-model.md | MCP and agentic tool threat model |
| docs/agent-identity-model.md | Identity and authorization model for MCP-enabled agents |
| docs/control-matrix.md | Control matrix for identity, tools, logging, and governance |
| docs/launch-checklist.md | Practical rollout checklist |

Security Position

This tool is a configuration review helper. It does not replace code review, penetration testing, architecture review, vendor due diligence, or runtime monitoring. Use it as a fast first pass before connecting agents to sensitive systems.

Contributing

Contributions are welcome, especially:

  • new MCP configuration examples,
  • additional audit rules,
  • mappings to security frameworks,
  • CI integrations,
  • real-world hardening notes.

Please keep examples sanitized. Do not commit real tokens, internal URLs, private hostnames, or customer data.

Quick Setup
Installation guide for this server

Install Package (if required)

uvx mcp-agent-security-kit

Cursor configuration (mcp.json)

{
  "mcpServers": {
    "musaabhasan-mcp-agent-security-kit": {
      "command": "uvx",
      "args": ["mcp-agent-security-kit"]
    }
  }
}