--- name: security:mcp-audit description: Audit all installed MCP server configurations for security risks, trust verification, and permission analysis allowed-tools: Read, Glob, Grep, Agent, Bash model: sonnet --- # /security mcp-audit [--live] Full MCP server security audit — project-level and global. Add `--live` to also connect to running servers and scan live tool descriptions. ## Step 0: Parse Flags If `$ARGUMENTS` contains `--live`, strip it and set `run_live_inspection = true`. ## Step 1: Discovery Read MCP configs from: `.mcp.json`, `.claude/settings.json`, `claude_desktop_config.json`, `~/.claude/settings.json`, `~/.claude/mcp.json`, `~/.config/claude/mcp.json`. For each server extract: name, transport (stdio/sse), command+args or URL, env var names (redact values), source origin. Report total count. ## Step 2: Scan Spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`: > Full MCP audit. Read: \/knowledge/mcp-threat-patterns.md > Execute all 5 phases per server (tool descriptions, source code, dependencies, config, rug pull detection). > Servers: \ > Return per-server trust rating + findings. ## Step 3: Report Output: MCP Landscape Summary table (server, source, transport, trust rating, finding counts). Overall risk: Low (all trusted) / Medium (cautious+high) / High (untrusted) / Critical (dangerous). Group servers: Keep / Review / Remove immediately. ## Step 4: Live Inspection (only if `--live`) Run: `node /scanners/mcp-live-inspect.mjs ""` Parse JSON output. Append a **Live Inspection Results** section: - Contact status per server (contacted / timed-out / skipped / failed) - Live injection findings (sorted critical → info) - Tool shadowing across servers **Cross-reference escalation:** If a server was rated "Untrusted" or "Dangerous" in Step 2 AND has live injection findings → escalate to CRITICAL priority in the final report and highlight as "Confirmed active threat (static + live)". ## Step 5: HTML Report After producing the markdown MCP audit report (Step 3 + optional Step 4 Live Inspection): 1. Compute a temp markdown path: ```bash node -p "require('path').join(require('os').tmpdir(), 'sec-mcp-audit-' + Date.now() + '.md')" ``` 2. Use the Write tool to save the **entire markdown report you just produced** (MCP Landscape Summary + per-server analysis + Live Inspection Results section if `--live` + Keep/Review/Remove groupings + overall risk) to that temp path. Verbatim. 3. Run the renderer: ```bash node /scripts/render-report.mjs mcp-audit --in "" ``` The CLI writes `reports/mcp-audit-.html` relative to CWD and prints `file:///abs/path.html` on stdout. 4. Append to your response (markdown link, no bare URL): > **HTML report:** [Open in browser](file:///abs/path.html) If the CLI exits non-zero, mention the error but do not block — the markdown report above is the primary deliverable.