--- name: security:mcp-audit description: Audit all installed MCP server configurations for security risks, trust verification, and permission analysis allowed-tools: Read, Glob, Grep, Agent, Bash model: sonnet --- # /security mcp-audit [--live] Full MCP server security audit — project-level and global. Add `--live` to also connect to running servers and scan live tool descriptions. ## Step 0: Parse Flags If `$ARGUMENTS` contains `--live`, strip it and set `run_live_inspection = true`. ## Step 1: Discovery Read MCP configs from: `.mcp.json`, `.claude/settings.json`, `claude_desktop_config.json`, `~/.claude/settings.json`, `~/.claude/mcp.json`, `~/.config/claude/mcp.json`. For each server extract: name, transport (stdio/sse), command+args or URL, env var names (redact values), source origin. Report total count. ## Step 2: Scan Spawn `subagent_type: "llm-security:mcp-scanner-agent"`, `model: "sonnet"`: > Full MCP audit. Read: \/knowledge/mcp-threat-patterns.md > Execute all 5 phases per server (tool descriptions, source code, dependencies, config, rug pull detection). > Servers: \ > Return per-server trust rating + findings. ## Step 3: Report Output: MCP Landscape Summary table (server, source, transport, trust rating, finding counts). Overall risk: Low (all trusted) / Medium (cautious+high) / High (untrusted) / Critical (dangerous). Group servers: Keep / Review / Remove immediately. ## Step 4: Live Inspection (only if `--live`) Run: `node /scanners/mcp-live-inspect.mjs ""` Parse JSON output. Append a **Live Inspection Results** section: - Contact status per server (contacted / timed-out / skipped / failed) - Live injection findings (sorted critical → info) - Tool shadowing across servers **Cross-reference escalation:** If a server was rated "Untrusted" or "Dangerous" in Step 2 AND has live injection findings → escalate to CRITICAL priority in the final report and highlight as "Confirmed active threat (static + live)".