open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/mcp-audit.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Fase 3 — v7.5.0 med 18 parsere/renderere 
Single-file SPA playground har nå parser + renderer for alle 18
produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8
gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test-fixtures fungerer
som kontrakt-anker for parser-utvikling.

Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter
ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"-
paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean)
og matrix-risk (threat-model).

Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy
med åpne vilkår) ikke kollapser til ALLOW.

Eksponert 11 window-globaler for testing/automasjon (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-genererte
screenshots i playground/screenshots/v7.5.0/.

A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer
flagget for v7.5.x patch (skip-link, heading-hierarki på project,
aria-live toast).

Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION-
konstanter, ROADMAP, marketplace-rot README).

Ingen scanner- eller hook-behavior-changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00

145 lines
4.1 KiB
Markdown
Raw Blame History

# MCP Config Audit
---
## Header
| Field | Value |
|-------|-------|
| **Report type** | mcp-audit |
| **Target** | ~/.claude/.mcp.json + per-project configs |
| **Date** | 2026-05-05 |
| **Version** | llm-security v7.4.0 |
| **Scope** | 5 MCP servers (3 active, 2 dormant) |
| **Frameworks** | OWASP MCP |
| **Triggered by** | /security mcp-audit |
---
## Risk Dashboard
| Metric | Value |
|--------|-------|
| **Risk Score** | 33/100 |
| **Risk Band** | Medium |
| **Grade** | C |
| **Verdict** | WARNING |
| Severity | Count |
|----------|------:|
| Critical | 0 |
| High | 2 |
| Medium | 6 |
| Low | 3 |
| Info | 4 |
| **Total** | **15** |
**Verdict rationale:** No critical findings. Two high findings: airbnb-mcp tool description drift (per-update + cumulative) and tavily-mcp grants `process.env` read which is unjustified for search use case.
---
## MCP Landscape
| Server | Type | Trust | Tools | Active |
|--------|------|-------|-------|-------:|
| airbnb-mcp | local-stdio | medium | 4 | yes |
| tavily-mcp | http-sse | low | 6 | yes |
| microsoft-learn | http-sse | high | 3 | yes |
| gemini-mcp | local-stdio | high | 4 | dormant |
| mermaid-chart | http-sse | medium | 17 | dormant |
---
## Per-Server Analysis
### airbnb-mcp
- **Path:** `~/.claude/mcp-servers/airbnb-mcp/`
- **Origin:** GitHub (airbnb-example, MIT)
- **Tool description drift:** per-update 12.3% (alert), cumulative 27% from baseline (advisory)
- **Permissions:** Bash, WebFetch, Read
- **Verdict:** WARNING — drift indicates possible upgrade or rug-pull. Investigate before reset.
### tavily-mcp
- **Path:** remote (HTTP-SSE)
- **Origin:** tavily.ai
- **Tool description drift:** none
- **Permissions:** WebFetch, env-vars (TAVILY_API_KEY)
- **Verdict:** WARNING — env-var read scope is broader than needed. Confirm only TAVILY_API_KEY is exposed.
### microsoft-learn
- **Path:** remote (HTTP-SSE)
- **Origin:** Microsoft
- **Tool description drift:** none
- **Permissions:** WebFetch
- **Verdict:** ALLOW — minimal surface, well-scoped.
### gemini-mcp (dormant)
- **Path:** `~/.claude/mcp-servers/gemini-mcp/`
- **Origin:** local-built
- **Verdict:** N/A (dormant)
### mermaid-chart (dormant)
- **Path:** remote (HTTP-SSE)
- **Verdict:** N/A (dormant)
---
## MCP Risk Assessment
3 active servers, 17 total tools across active set. Risk concentration: airbnb-mcp (description drift) + tavily-mcp (env-var scope). One server (microsoft-learn) is well-scoped baseline.
---
## Keep / Review / Remove
| Decision | Server | Reason |
|----------|--------|--------|
| Keep | microsoft-learn | Well-scoped, official source |
| Keep | gemini-mcp | Dormant but trusted, retain |
| Review | airbnb-mcp | Description drift requires investigation |
| Review | tavily-mcp | Env-var scope overly broad |
| Remove | mermaid-chart | Dormant 87 days, no usage |
---
## Findings
### High
| ID | Server | Description | OWASP |
|----|--------|-------------|-------|
| MA-001 | airbnb-mcp | Cumulative drift 27% from baseline (sticky) | MCP05 |
| MA-002 | tavily-mcp | env-var read includes more than declared keys | MCP06 |
### Medium
| ID | Server | Description | OWASP |
|----|--------|-------------|-------|
| MA-003 | airbnb-mcp | Per-update drift 12.3% on `book` tool | MCP05 |
| MA-004 | airbnb-mcp | Tool `book` returns large payloads without size cap | MCP09 |
| MA-005 | tavily-mcp | TLS cert pinning not enforced | MCP08 |
| MA-006 | mermaid-chart | Dormant > 90 days, suggest removal | — |
| MA-007 | airbnb-mcp | Description includes implicit instruction | MCP05 |
| MA-008 | tavily-mcp | Rate-limit not configured client-side | MCP09 |
### Low / Info
(7 lower-severity findings — see envelope)
---
## Recommendations
1. **High:** Run `/security mcp-baseline-reset --target airbnb-mcp` only AFTER manual review of new description.
2. **High:** Restrict `tavily-mcp` env-var scope to `TAVILY_API_KEY` exclusively (settings.local.json).
3. **Medium:** Remove dormant `mermaid-chart` server unless re-activated within 14 days.
4. **Medium:** Add response-size caps for `airbnb-mcp` `book` tool.
---
*MCP-audit complete. 5 servers, 15 findings, verdict WARNING.*
Reference in a new issue View git blame Copy permalink