llm-security/commands/mcp-audit.md
Kjell Tore Guttormsen f153f969a0 feat(ultraplan-local): v1.6.0 — /ultraresearch-local deep research command
Add /ultraresearch-local for structured research combining local codebase
analysis with external knowledge via parallel agent swarms. Produces research
briefs with triangulation, confidence ratings, and source quality assessment.

New command: /ultraresearch-local with modes --quick, --local, --external, --fg.
New agents: research-orchestrator (opus), docs-researcher, community-researcher,
security-researcher, contrarian-researcher, gemini-bridge (all sonnet).
New template: research-brief-template.md.

Integration: --research flag in /ultraplan-local accepts pre-built research
briefs (up to 3), enriches the interview and exploration phases. Planning
orchestrator cross-references brief findings during synthesis.

Design principle: Context Engineering — right information to right agent at
right time. Research briefs are structured artifacts in the pipeline:
ultraresearch → brief → ultraplan --research → plan → ultraexecute.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 08:58:35 +02:00

2 KiB

name description allowed-tools model
security:mcp-audit Audit all installed MCP server configurations for security risks, trust verification, and permission analysis Read, Glob, Grep, Agent, Bash sonnet

/security mcp-audit [--live]

Full MCP server security audit — project-level and global. Add --live to also connect to running servers and scan live tool descriptions.

Step 0: Parse Flags

If $ARGUMENTS contains --live, strip it and set run_live_inspection = true.

Step 1: Discovery

Read MCP configs from: .mcp.json, .claude/settings.json, claude_desktop_config.json, ~/.claude/settings.json, ~/.claude/mcp.json, ~/.config/claude/mcp.json.

For each server extract: name, transport (stdio/sse), command+args or URL, env var names (redact values), source origin. Report total count.

Step 2: Scan

Spawn subagent_type: "llm-security:mcp-scanner-agent", model: "sonnet":

Full MCP audit. Read: <plugin-root>/knowledge/mcp-threat-patterns.md Execute all 5 phases per server (tool descriptions, source code, dependencies, config, rug pull detection). Servers: <discovered server list with name, type, command, source, env vars> Return per-server trust rating + findings.

Step 3: Report

Output: MCP Landscape Summary table (server, source, transport, trust rating, finding counts). Overall risk: Low (all trusted) / Medium (cautious+high) / High (untrusted) / Critical (dangerous). Group servers: Keep / Review / Remove immediately.

Step 4: Live Inspection (only if --live)

Run: node <plugin-root>/scanners/mcp-live-inspect.mjs "<cwd>"

Parse JSON output. Append a Live Inspection Results section:

  • Contact status per server (contacted / timed-out / skipped / failed)
  • Live injection findings (sorted critical → info)
  • Tool shadowing across servers

Cross-reference escalation: If a server was rated "Untrusted" or "Dangerous" in Step 2 AND has live injection findings → escalate to CRITICAL priority in the final report and highlight as "Confirmed active threat (static + live)".