Does it support TypeScript MCP servers?

Yes, it is specifically designed to analyze servers built using the @modelcontextprotocol/sdk and standard TypeScript/Zod patterns.

Can this skill fix the issues it finds?

Yes, after generating an audit report, the skill offers to automatically apply fixes for critical, high, and medium-level issues directly to your codebase.

What is an MCP Server Audit?

It is a comprehensive check of a Model Context Protocol server to ensure it follows security best practices, performs efficiently, and provides clear descriptions for AI agents.

What security vulnerabilities does it look for?

It scans for SQL/shell/URL injection, path traversal, credential exposure, missing rate limiting, and improper error handling that might leak stack traces.

Why does it check description quality?

AI agents rely on tool descriptions to understand when and how to use a function. This audit ensures your descriptions are substantive and context-rich for better AI reliability.

MCP Server Auditor

Name: MCP Server Auditor
Author: randyquaye

byrandyquaye

0•

보안 및 테스팅

Audits Model Context Protocol (MCP) servers for security vulnerabilities, performance bottlenecks, and protocol compliance.

The MCP Server Auditor is a specialized skill designed to ensure your Model Context Protocol servers are enterprise-ready and optimized for AI interaction. It performs a comprehensive deep-dive into your codebase, scanning for critical security vulnerabilities like injection and path traversal, evaluating performance metrics such as connection pooling and rate limiting, and verifying protocol correctness. A unique standout feature is the Description Quality Audit, which ensures your tool descriptions are sufficiently detailed for LLMs to interpret and use correctly, preventing 'thin' documentation from hindering agent performance.

주요 기능

01Automated fix generation and application for identified issues

02Automated security vulnerability detection including injection and path traversal

03Performance optimization checks for connection pooling and resource cleanup

04Protocol compliance validation for tools, resources, and prompt handlers

05AI-readiness audit to ensure tool descriptions are substantive for agent use

060 GitHub stars

사용 사례

01Hardening an MCP server for production deployment and enterprise use

02Optimizing tool descriptions to improve Claude's ability to use custom tools correctly

03Standardizing protocol compliance across a suite of internal MCP implementations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add randyquaye/forge-mcp mcp-audit

For use in Claude.ai and ChatGPT