open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/mcp-audit/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

1.8 KiB
Raw Blame History

name description
security-mcp-audit Audit all installed MCP server configurations for security risks, trust verification, and permission analysis

MCP Audit

Comprehensive audit of all installed MCP server configurations.

Step 1: Parse Arguments

Check for --live flag in $ARGUMENTS.

Step 2: Discover MCP Configs

Search these locations for MCP server configurations:

  • .mcp.json in project root
  • .vscode/mcp.json
  • Settings files with mcpServers sections
  • Global MCP configuration files

Step 3: Analyze Each Server

Read <plugin-root>/knowledge/mcp-threat-patterns.md.

For each discovered MCP server, perform 5-phase analysis:

  1. Tool Description Analysis — Check for hidden instructions, excessive length (>500 chars), Unicode anomalies, dynamic description loading
  2. Source Code Analysis — Code execution (eval/exec), network calls, file system access, credential access, time-conditional behavior
  3. Dependency Analysis — Run npm audit or pip audit as appropriate. Check for typosquatting, suspicious packages
  4. Configuration Analysis — Permission surface, declared vs actual scope, auth configuration
  5. Rug Pull Detection — Dynamic tool metadata, config self-modification, remote flag control, self-update mechanisms

Trust rating per server: Trusted / Cautious / Untrusted / Dangerous.

Step 4: Live Inspection (if --live)

node <plugin-root>/scanners/mcp-live-inspect.mjs

Connect to running MCP servers, scan live tool descriptions, detect injection and shadowing.

Step 5: Report

Output: MCP Landscape Summary table, per-server trust rating, findings grouped by severity. Group servers into: Keep (Trusted) / Review (Cautious) / Remove (Untrusted/Dangerous).

If static finding + live injection on same server = CRITICAL escalation.