What is 'CLI-First Discovery'?

It means the skill first queries the 'claude mcp list' command to get the authoritative state of running servers before inspecting physical files, ensuring no active configuration is missed.

Why should I audit my MCP configurations?

Auditing ensures your MCP servers are correctly configured, use secure transport methods, and do not contain hardcoded API keys that could be leaked in version control.

Does this skill check global Claude settings?

Yes, it audits configurations across multiple scopes including project-specific .mcp.json files and global user settings found in ~/.claude.json.

How does it handle sensitive credentials?

It flags hardcoded secrets as critical failures in version-controlled files and recommends using environment variable expansion like ${API_KEY} for secure management.

Can I skip the validation phase for a faster audit?

Yes, by using the --skip-validation flag, you can bypass the deep validation process for a quicker overview of your configuration status.

MCP Security & Config Auditor

Name: MCP Security & Config Auditor
Author: melodic-software

bymelodic-software

•

安全与测试

Audits Model Context Protocol (MCP) server configurations to ensure security, compliance, and optimal performance across project and global settings.

The MCP Security & Config Auditor is a specialized utility for Claude Code designed to identify vulnerabilities and misconfigurations in Model Context Protocol setups. By performing a multi-scope analysis across project-level, user-global, and enterprise configuration files, it detects critical security risks like hardcoded API keys and deprecated transport types. The skill utilizes a CLI-first discovery approach to ensure parity with the running system while providing detailed remediation steps and validation findings, making it essential for teams maintaining production-ready AI agent ecosystems.

主要功能

01Automated finding validation via specialized sub-agents to reduce false positives

02Security vulnerability detection for hardcoded credentials and exposed API keys

03Multi-scope auditing for Project, User, Global, and Enterprise configurations

0438 GitHub stars

05Detailed compliance reports with performance scoring and remediation steps

06CLI-first discovery to ensure system-accurate configuration mapping

使用场景

01Troubleshooting connectivity and transport protocol issues between Claude Code and local MCP servers.

02Pre-commit security checks to prevent leaking sensitive API keys in version-controlled .mcp.json files.

03Standardizing MCP server configurations and environment variable usage across a distributed development team.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add melodic-software/claude-code-plugins audit-mcp

For use in Claude.ai and ChatGPT

Download Skill