mcp-audit

by apisec-inc · Python · ★ 149

See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.

#agent-security#ai#ai-bom#ai-security#api-inventory#appsec#claude#cursor#cyclonedx#devsecops#llm#mcp#model-context-protocol#sbom#secrets-detection#security#supply-chain-security

Install

pip install git+https://github.com/apisec-inc/mcp-audit.git

Claude Desktop config

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-audit": {
      "command": "uvx",
      "args": [
        "git+https://github.com/apisec-inc/mcp-audit.git"
      ]
    }
  }
}

From the README

[](https://opensource.org/licenses/MIT) [](https://www.python.org/downloads/) [](https://github.com/apisec-inc/mcp-audit/releases) **See what your AI agents can access - before they go live.** **Web App** **CLI** MCP Audit scans your AI development tools (Claude Desktop, Cursor, VS Code) and reveals: - **Secrets** - Exposed API keys, tokens, database passwords - **APIs** - Every endpoint your AI agents connect to - **AI Models** - Which LLMs are configured (GPT-4, Claude, Llama) - **Risk Flags** - Shell access, filesystem access, unverified sources | Scan Type | Finds | |-----------|----…

Read full README on GitHub →