MCP Security Audit

v1.0.0β€’Securityβ€’stable

πŸ“‡ ☁️ A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

auditmodel-context-protocolnpmsecurity
Share:
52
Stars
0
Downloads
0
Weekly
0/5

What is MCP Security Audit?

MCP Security Audit is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to πŸ“‡ ☁️ a powerful mcp (model context protocol) server that audits npm package dependencies for security vulnerabilities. built with remote npm registry integration for real-time security checks.

πŸ“‡ ☁️ A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • πŸ“‡ ☁️ A powerful MCP (Model Context Protocol) Server that aud

Use Cases

npm package vulnerability scanning
Real-time security dependency checks
qianniuspace

Maintainer

LicenseMIT License
Languagetypescript
Versionv1.0.0
UpdatedMar 12, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-security-audit-server

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Security Audit

MCP Security Audit Server is a TypeScript MCP server that scans npm package dependencies in real time for known security vulnerabilities by querying the npm registry directly. It classifies findings by severity (critical, high, moderate, low), provides CVSS scores and CVE identifiers, and suggests specific fixed versions for each vulnerable package. Frontend and Node.js developers use it to catch vulnerable dependencies during development without running a separate audit command.

Prerequisites

  • Node.js 16+ and npm installed
  • An npm-based project with a package.json to audit
  • An MCP-compatible client such as Claude Desktop, Cursor, or Cline
  • Network access to the npm registry (registry.npmjs.org)
1

Install via Smithery (recommended)

The easiest installation method uses the Smithery CLI to configure the server automatically for your chosen client.

npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
2

Or install and build manually

Clone the repository, install dependencies, and build the TypeScript project manually if you prefer not to use Smithery.

git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
npm install && npm run build
3

Add the server to your MCP client configuration

Edit your MCP client config file to register the security audit server. No API keys are requiredβ€”it queries the public npm registry.

4

Restart your MCP client

Quit and reopen Claude Desktop (or reload your IDE) to pick up the new server registration.

5

Run your first audit

Ask Claude to audit a specific package or your project's dependencies. The server returns structured vulnerability data including CVE IDs and fix recommendations.

MCP Security Audit Examples

Client configuration

Add this to your claude_desktop_config.json. No environment variables are required for the npm registry queries.

{
  "mcpServers": {
    "mcp-security-audit": {
      "command": "npx",
      "args": ["-y", "mcp-security-audit"]
    }
  }
}

Prompts to try

Example prompts for scanning packages and project dependencies for security vulnerabilities.

- "Check if the lodash package has any known security vulnerabilities"
- "Audit all dependencies in my package.json and list critical and high severity issues"
- "What CVEs affect express 4.17.1 and what version fixes them?"
- "Scan this project's npm dependencies and generate a security report with remediation steps"
- "Are there any vulnerabilities in the packages we're using that have CVSS scores above 8?"

Troubleshooting MCP Security Audit

Audit returns no results for a package

Verify the package name and version are spelled correctly. Some packages have no registered advisories even if they have known issuesβ€”cross-check with npm audit or the GitHub Advisory Database.

Server fails to start after manual build

Ensure you ran 'npm run build' successfully and that the dist/ directory was created. Check that Node.js 16+ is installed with 'node --version'.

Rate limiting or network errors from the npm registry

The server queries the public npm registry, which may throttle high-volume requests. Add a delay between bulk audits or use a private registry mirror if operating in a restricted network environment.

Frequently Asked Questions about MCP Security Audit

What is MCP Security Audit?

MCP Security Audit is a Model Context Protocol (MCP) server that πŸ“‡ ☁️ a powerful mcp (model context protocol) server that audits npm package dependencies for security vulnerabilities. built with remote npm registry integration for real-time security checks. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Security Audit?

Follow the installation instructions on the MCP Security Audit GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Security Audit?

MCP Security Audit works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Security Audit free to use?

Yes, MCP Security Audit is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.

MCP Security Audit Alternatives β€” Similar Security Servers

Looking for alternatives to MCP Security Audit? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

β˜… 13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

β˜… 9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

β˜… 8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

β˜… 8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

β˜… 6.6k

754 structured cybersecurity skills for AI agents Β· Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF Β· agentskills.io standard Β· Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

β˜… 5.1k

πŸ”₯πŸ”₯ hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-security-audit-server": { "command": "npx", "args": ["-y", "mcp-security-audit-server"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide β†’

Ready to use MCP Security Audit?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides