OWASP MCP Risk Scanner -- open-source security audit for MCP servers

We open-sourced an OWASP security scanner built for MCP servers and AI agents:

**[mcps-audit](https://github.com/razashariff/mcps-audit)** — scans codebases against [OWASP MCP Top 10](https://owasp.org/www-project-mcp-top-10/) and [OWASP Agentic AI Top 10](https://genai.owasp.org/resource/owasp-top-10-for-agentic-ai/), generates a PDF security audit report with findings, severity ratings, remediation guidance, and OWASP compliance matrices.

**What it does:**
- Scans JS/TS/Python MCP server code for security anti-patterns
- Maps findings to OWASP MCP Top 10 (tool poisoning, rug pulls, credential leaks) and OWASP Agentic AI Top 10 (prompt injection, excessive agency, insecure output)
- Generates a professional PDF audit report with line-level findings and remediation steps
- CLI: `npx mcps-audit ./your-project --name "Your Server"`

Built by the team behind the [MCPS Internet-Draft](https://datatracker.ietf.org/doc/draft-sharif-mcps-secure-mcp/) (cryptographic security layer for MCP).

Install: `npm install -g mcps-audit`

Happy to hear feedback or collaborate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OWASP MCP Risk Scanner -- open-source security audit for MCP servers #58

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OWASP MCP Risk Scanner -- open-source security audit for MCP servers #58

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions