---
name: security-mcp-audit
description: Audit all installed MCP server configurations for security risks, trust verification, and permission analysis
---

# MCP Audit

Comprehensive audit of all installed MCP server configurations.

## Step 1: Parse Arguments

Check for `--live` flag in `$ARGUMENTS`.

## Step 2: Discover MCP Configs

Search these locations for MCP server configurations:
- `.mcp.json` in project root
- `.vscode/mcp.json`
- Settings files with `mcpServers` sections
- Global MCP configuration files

## Step 3: Analyze Each Server

Read `<plugin-root>/knowledge/mcp-threat-patterns.md`.

For each discovered MCP server, perform 5-phase analysis:
1. **Tool Description Analysis** — Check for hidden instructions, excessive length (>500 chars), Unicode anomalies, dynamic description loading
2. **Source Code Analysis** — Code execution (eval/exec), network calls, file system access, credential access, time-conditional behavior
3. **Dependency Analysis** — Run `npm audit` or `pip audit` as appropriate. Check for typosquatting, suspicious packages
4. **Configuration Analysis** — Permission surface, declared vs actual scope, auth configuration
5. **Rug Pull Detection** — Dynamic tool metadata, config self-modification, remote flag control, self-update mechanisms

Trust rating per server: Trusted / Cautious / Untrusted / Dangerous.

## Step 4: Live Inspection (if --live)

```bash
node <plugin-root>/scanners/mcp-live-inspect.mjs
```

Connect to running MCP servers, scan live tool descriptions, detect injection and shadowing.

## Step 5: Report

Output: MCP Landscape Summary table, per-server trust rating, findings grouped by severity. Group servers into: Keep (Trusted) / Review (Cautious) / Remove (Untrusted/Dangerous).

If static finding + live injection on same server = CRITICAL escalation.