Safety Report

MCP Security Auditor Lite

Name: MCP Security Auditor Lite
Author: apex-stack-ai

Free version — scan your MCP configuration for the top 3 security risks. Tool description injection, permission sprawl, and supply chain trust.

122Downloads

0Installs

0Stars

1Versions

Security & Compliance4,334 CLI & Shell Tools4,287 Networking & DNS2,429

Security Analysis

high confidence

Clean0.08 risk

An instruction-only “lite” config-auditing checklist that is internally consistent with its stated purpose and requests no unusual privileges or installs.

Apr 2, 20261 files2 concerns

Purpose & Capabilityok

Name and description match SKILL.md: it promises a lightweight, manual-style security scan of MCP configs across three dimensions. There are no unexpected binaries, env vars, or installs required.

Instruction Scopenote

The skill is instruction-only and asks the agent to evaluate MCP config/tool lists provided by the user using the included rubrics. This is expected, but the rubric-driven analysis is manual reasoning rather than automated checks; the user must supply config data (which may contain secrets) and the agent will analyze it.

Install Mechanismok

No install spec or code files; lowest-risk delivery model. Nothing is downloaded or written to disk by the skill itself.

Credentialsnote

The skill declares no required credentials or environment access (appropriate). However, it requires the user to paste MCP configs/tool lists — those artifacts can contain sensitive secrets or tokens, so the user should sanitize inputs before sharing.

Persistence & Privilegeok

always is false and default invocation behavior is normal. The skill does not request persistent presence or system-wide changes.

Guidance

This skill is a checklist-style, manual analyzer and is internally consistent with its description. Before using it: do not paste live secrets, API keys, or private keys into the chat — sanitize or redact sensitive fields; verify any remediation steps before applying them; treat the paid-version link as an external marketing URL (don’t provide credentials there); and remember the output is agent reasoning (not an automated code audit), so consider running independent tooling for confirmatory checks if you need high assurance.

Latest Release

v1.0.0

Initial release of MCP Security Auditor Lite. - Launches free version to scan MCP configurations for the top 3 security risks: tool description integrity, permission sprawl, and supply chain trust. - Provides scoring and actionable recommendations for each risk. - Includes a concise output template to summarize findings and top fixes. - Full version link provided for advanced auditing and extra features.

Popular Skills

Apex Trading & Analysis

@apex · 6 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Published by @apex-stack-ai on ClawHub