open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/playground/test-fixtures/mcp-audit.md
Kjell Tore Guttormsen ce3891bdd0 feat(llm-security): playground Fase 3 — v7.5.0 med 18 parsere/renderere 
Single-file SPA playground har nå parser + renderer for alle 18
produces_report=true-kommandoer (Fase 2: 10 høy-prio + Fase 3: 8
gjenstående: mcp-inspect, supply-check, pre-deploy, diff, watch,
registry, clean, threat-model). 18 markdown test-fixtures fungerer
som kontrakt-anker for parser-utvikling.

Komplett demo-prosjekt `dft-komplett-demo` har alle 18 rapporter
ferdig parsed inline — klikk-gjennom uten "parser ikke implementert"-
paneler. 2 nye archetypes i KEY_STATS_CONFIG: kanban-buckets (clean)
og matrix-risk (threat-model).

Bug-fix: normalizeVerdictText sjekker nå GO-WITH-CONDITIONS /
CONDITIONAL / BETINGET FØR plain GO så betinget verdict (pre-deploy
med åpne vilkår) ikke kollapser til ALLOW.

Eksponert 11 window-globaler for testing/automasjon (__store,
__navigate, __loadDemoState, __PARSERS, __RENDERERS, __CATALOG,
__inferVerdict, __inferKeyStats, __renderPageShell,
__handlePasteImport, __scheduleRender). 12 Playwright-genererte
screenshots i playground/screenshots/v7.5.0/.

A11Y-rapport (WCAG 2.1 AA): 0 blokkerende, 3 mindre forbedringer
flagget for v7.5.x patch (skip-link, heading-hierarki på project,
aria-live toast).

Versjonsbump 7.4.0 -> 7.5.0 i 10 filer (package.json, plugin.json,
CLAUDE.md header, README badge, CHANGELOG-entry, 3 scanner VERSION-
konstanter, ROADMAP, marketplace-rot README).

Ingen scanner- eller hook-behavior-changes — purely additive surface.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-05 22:15:47 +02:00

4.1 KiB
Raw Blame History

MCP Config Audit

Header

Field Value
Report type mcp-audit
Target ~/.claude/.mcp.json + per-project configs
Date 2026-05-05
Version llm-security v7.4.0
Scope 5 MCP servers (3 active, 2 dormant)
Frameworks OWASP MCP
Triggered by /security mcp-audit

Risk Dashboard

Metric Value
Risk Score 33/100
Risk Band Medium
Grade C
Verdict WARNING
Severity Count
Critical 0
High 2
Medium 6
Low 3
Info 4
Total 15

Verdict rationale: No critical findings. Two high findings: airbnb-mcp tool description drift (per-update + cumulative) and tavily-mcp grants process.env read which is unjustified for search use case.

MCP Landscape

Server Type Trust Tools Active
airbnb-mcp local-stdio medium 4 yes
tavily-mcp http-sse low 6 yes
microsoft-learn http-sse high 3 yes
gemini-mcp local-stdio high 4 dormant
mermaid-chart http-sse medium 17 dormant

Per-Server Analysis

airbnb-mcp

  • Path: ~/.claude/mcp-servers/airbnb-mcp/
  • Origin: GitHub (airbnb-example, MIT)
  • Tool description drift: per-update 12.3% (alert), cumulative 27% from baseline (advisory)
  • Permissions: Bash, WebFetch, Read
  • Verdict: WARNING — drift indicates possible upgrade or rug-pull. Investigate before reset.

tavily-mcp

  • Path: remote (HTTP-SSE)
  • Origin: tavily.ai
  • Tool description drift: none
  • Permissions: WebFetch, env-vars (TAVILY_API_KEY)
  • Verdict: WARNING — env-var read scope is broader than needed. Confirm only TAVILY_API_KEY is exposed.

microsoft-learn

  • Path: remote (HTTP-SSE)
  • Origin: Microsoft
  • Tool description drift: none
  • Permissions: WebFetch
  • Verdict: ALLOW — minimal surface, well-scoped.

gemini-mcp (dormant)

  • Path: ~/.claude/mcp-servers/gemini-mcp/
  • Origin: local-built
  • Verdict: N/A (dormant)

mermaid-chart (dormant)

  • Path: remote (HTTP-SSE)
  • Verdict: N/A (dormant)

MCP Risk Assessment

3 active servers, 17 total tools across active set. Risk concentration: airbnb-mcp (description drift) + tavily-mcp (env-var scope). One server (microsoft-learn) is well-scoped baseline.

Keep / Review / Remove

Decision Server Reason
Keep microsoft-learn Well-scoped, official source
Keep gemini-mcp Dormant but trusted, retain
Review airbnb-mcp Description drift requires investigation
Review tavily-mcp Env-var scope overly broad
Remove mermaid-chart Dormant 87 days, no usage

Findings

High

ID Server Description OWASP
MA-001 airbnb-mcp Cumulative drift 27% from baseline (sticky) MCP05
MA-002 tavily-mcp env-var read includes more than declared keys MCP06

Medium

ID Server Description OWASP
MA-003 airbnb-mcp Per-update drift 12.3% on book tool MCP05
MA-004 airbnb-mcp Tool book returns large payloads without size cap MCP09
MA-005 tavily-mcp TLS cert pinning not enforced MCP08
MA-006 mermaid-chart Dormant > 90 days, suggest removal
MA-007 airbnb-mcp Description includes implicit instruction MCP05
MA-008 tavily-mcp Rate-limit not configured client-side MCP09

Low / Info

(7 lower-severity findings — see envelope)

Recommendations

  1. High: Run /security mcp-baseline-reset --target airbnb-mcp only AFTER manual review of new description.
  2. High: Restrict tavily-mcp env-var scope to TAVILY_API_KEY exclusively (settings.local.json).
  3. Medium: Remove dormant mermaid-chart server unless re-activated within 14 days.
  4. Medium: Add response-size caps for airbnb-mcp book tool.

MCP-audit complete. 5 servers, 15 findings, verdict WARNING.