Skills
mcp-sec-audit Toolkit: Static Pattern Matching + Docker/eBPF Dynamic Fuzzing Achieves 100% MCPTox Benchmark Detection
The mcp-sec-audit toolkit combines static pattern matching for Python-based MCP servers with dynamic sandboxed fuzzing and monitoring via Docker and eBPF. It achieves 100% detection on the MCPTox benchmark—the standard test suite for MCP tool poisoning. Detects risky capabilities (file system access, network requests, command execution) through configurable rule-based analysis and provides specific mitigation recommendations. Open source, part of the Cloud Security Alliance's Model Context Protocol Security initiative.
Source
↳ Follow the thread