Why Audit Matters
MCP servers are trusted tool providers for AI agents. Vulnerabilities in MCP servers translate directly into agent compromise — tool poisoning, privilege escalation, indirect prompt injection, and credential exposure. The audit module systematically checks for these issues so you can identify and remediate them before attackers do.How It Works
The audit scanning pipeline follows five steps:- Connect — Establish a connection to the target MCP server via stdio, SSE, or Streamable HTTP
- Enumerate — Discover all tools, resources, and prompts exposed by the server
- Scan — Run each scanner module against the discovered attack surface
- Aggregate — Collect findings across all scanners into a unified result
- Report — Output a JSON, HTML, or SARIF report with severity-rated findings mapped to OWASP categories
Built-in Components
- 10 scanner modules — One per OWASP MCP Top 10 category, covering token mismanagement, privilege escalation, tool poisoning, supply chain integrity, command injection, prompt injection, authentication, telemetry, shadow servers, and context over-sharing
- 3 report formats — HTML for human review, SARIF for CI/CD integration, JSON for programmatic consumption
- Fixture-based testing infrastructure — Intentionally vulnerable MCP servers for offline scanner development and validation
Next Steps
- Audit CLI Reference — Command reference for
counteragent audit - OWASP Mapping — How findings map to the OWASP MCP Top 10
- SARIF Output — SARIF report format and CI/CD integration
- Scanner Fixtures — Vulnerable fixture servers for testing