Third thread, different from the methodology one (#1) and the manual 60-second checklist (#2). This one is about the number the tool spits out — the 0–100 hygiene score / A–F grade — and the thing I think is actually underused: wiring that grade into CI as a pass/fail gate.
What the score is made of
audit_scan (or audit_quick_scan for just the headline) connects to a running MCP server, enumerates every tool/resource/prompt, and scores hygiene across 5 categories, 100 points total:
| Category | Points | What it rewards |
| --- | --- | --- |
| Documentation | 25 | Every tool has a real description, params explained |
| Schema rigor | 25 | Typed params, enums/bounds, no free-form string catch-alls |
| Injection safety | 25 | Tool descriptions can't be turned into instructions to the model |
| Scope signals | 15 | The server signals what each tool can reach (file/network/shell) |
| Metadata | 10 | Versioning, server name/description present |
Grade bands: A ≥ 90, B ≥ 80, C ≥ 65, D ≥ 50, F < 50.
The part most people miss: it's already a CI gate
The CLI exits 0 only when the grade is A or B, non-zero otherwise. So this is a one-liner in a pipeline:
```yaml
- run: |
    pip install mcp-security-audit
    mcp-audit scan ./your-server   # exits 1 if grade drops below B
```
A server that was an A and slips to a C because someone added an untyped shell-reaching tool with a vague description will now fail the build — before it ships to anyone's Claude/Cursor config.
The open question
Where would you set the gate? A/B (the current default) is strict — a single undocumented tool can knock a small server out of B. Is C "good enough to ship" for an internal-only server? Should injection-safety be a hard fail regardless of total score (i.e. you can't pass with 25/25 docs but 0/25 injection)?
I lean toward making injection_safety a hard floor independent of the total — a server can be beautifully documented and still be an exfil path. Curious whether people running MCP servers in prod agree, or think that's too aggressive for a first gate.
Free + OSS: pip install mcp-security-audit · github.com/LuciferForge/mcp-security-audit (a star helps if it's useful). Methodology in #1, manual checklist in #2.
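The hard-floor idea raised in the open question, as an added example that is not part of the original post or of mcp-security-audit: a gate policy that applies the grade bands above plus a per-category minimum. The page does not show the tool's output format, so scores are passed as a plain dict; the category keys other than injection_safety and the floor value of 20 are assumptions.

```python
"""Added example: gate policy with a per-category hard floor (not mcp-security-audit code)."""

# Category maxima and grade bands as stated in the post; key names are assumed.
MAX_POINTS = {"documentation": 25, "schema_rigor": 25, "injection_safety": 25,
              "scope_signals": 15, "metadata": 10}
BANDS = [(90, "A"), (80, "B"), (65, "C"), (50, "D"), (0, "F")]


def grade(total):
    """Map a 0-100 total to its letter grade."""
    return next(letter for floor, letter in BANDS if total >= floor)


def evaluate(scores, min_grade="B", floors=None):
    """Return (passed, grade, reasons) for a dict of per-category scores.

    min_grade: worst letter that still passes (the post's default gate is B).
    floors: hypothetical per-category minimums enforced regardless of total.
    """
    if set(scores) != set(MAX_POINTS):
        raise ValueError("scores must cover exactly the five categories")
    for name, pts in scores.items():
        if not 0 <= pts <= MAX_POINTS[name]:
            raise ValueError(f"{name}={pts} outside 0..{MAX_POINTS[name]}")
    total = sum(scores.values())
    letter = grade(total)
    reasons = []
    if letter > min_grade:  # "C" > "B": letters sort from best to worst
        reasons.append(f"grade {letter} ({total}/100) is below {min_grade}")
    for name, floor in (floors or {}).items():
        if scores[name] < floor:
            reasons.append(f"{name} {scores[name]}/{MAX_POINTS[name]} is below floor {floor}")
    return (not reasons, letter, reasons)


# Constructed sample: perfect everywhere except injection safety at 5/25.
WEAK_INJECTION = {"documentation": 25, "schema_rigor": 25, "injection_safety": 5,
                  "scope_signals": 15, "metadata": 10}

if __name__ == "__main__":
    import sys
    ok, letter, reasons = evaluate(WEAK_INJECTION, floors={"injection_safety": 20})
    print(letter, "PASS" if ok else "FAIL", *reasons, sep="\n")
    sys.exit(0 if ok else 1)
```

With these bands, a server scoring 5/25 on injection safety and full marks elsewhere totals 80 and clears the default A/B gate, and one scoring 0/25 still reaches C, so a floor changes the outcome at either threshold.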