open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security-copilot/skills/mcp-audit/SKILL.md
Kjell Tore Guttormsen f418a8fe08 feat(llm-security-copilot): port llm-security v5.1.0 to GitHub Copilot CLI 
Full port of llm-security plugin for internal use on Windows with GitHub
Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs)
normalizes Copilot camelCase I/O to Claude Code snake_case format — all
original hook scripts run unmodified.

- 8 hooks with protocol translation (stdin/stdout/exit code)
- 18 SKILL.md skills (Agent Skills Open Standard)
- 6 .agent.md agent definitions
- 20 scanners + 14 scanner lib modules (unchanged)
- 14 knowledge files (unchanged)
- 39 test files including copilot-port-verify.mjs (17 tests)
- Windows-ready: node:path, os.tmpdir(), process.execPath, no bash

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 21:56:10 +02:00

47 lines
1.8 KiB
Markdown
Raw Blame History

---
name: security-mcp-audit
description: Audit all installed MCP server configurations for security risks, trust verification, and permission analysis
---
# MCP Audit
Comprehensive audit of all installed MCP server configurations.
## Step 1: Parse Arguments
Check for `--live` flag in `$ARGUMENTS`.
## Step 2: Discover MCP Configs
Search these locations for MCP server configurations:
- `.mcp.json` in project root
- `.vscode/mcp.json`
- Settings files with `mcpServers` sections
- Global MCP configuration files
## Step 3: Analyze Each Server
Read `<plugin-root>/knowledge/mcp-threat-patterns.md`.
For each discovered MCP server, perform 5-phase analysis:
1. **Tool Description Analysis** — Check for hidden instructions, excessive length (>500 chars), Unicode anomalies, dynamic description loading
2. **Source Code Analysis** — Code execution (eval/exec), network calls, file system access, credential access, time-conditional behavior
3. **Dependency Analysis** — Run `npm audit` or `pip audit` as appropriate. Check for typosquatting, suspicious packages
4. **Configuration Analysis** — Permission surface, declared vs actual scope, auth configuration
5. **Rug Pull Detection** — Dynamic tool metadata, config self-modification, remote flag control, self-update mechanisms
Trust rating per server: Trusted / Cautious / Untrusted / Dangerous.
## Step 4: Live Inspection (if --live)
```bash
node <plugin-root>/scanners/mcp-live-inspect.mjs
```
Connect to running MCP servers, scan live tool descriptions, detect injection and shadowing.
## Step 5: Report
Output: MCP Landscape Summary table, per-server trust rating, findings grouped by severity. Group servers into: Keep (Trusted) / Review (Cautious) / Remove (Untrusted/Dangerous).
If static finding + live injection on same server = CRITICAL escalation.
Reference in a new issue View git blame Copy permalink