
Lifeoflunatic/mcp-audit-skill

MCP Infrastructure Audit Suite

Audit, test, and monitor your MCP servers. Zero install required.

Works with: Claude Code | Cursor | Codex | Gemini CLI | Any MCP-aware agent

What This Does

| Command     | What It Checks           | Coverage                            |
|-------------|--------------------------|-------------------------------------|
| /audit-mcp  | Full audit (all 3 below) | Everything                          |
| /mcp-govern | Governance & compliance  | 30 rules across 5 categories        |
| /mcp-test   | Protocol compliance      | 39 tests across 6 suites            |
| /mcp-health | Server health & uptime   | Connectivity, latency, availability |

Quick Start

Option 1: Install as Claude Code Skill (Zero Dependencies)

# Clone into your Claude Code skills directory
git clone https://github.com/Lifeoflunatic/mcp-audit-skill.git ~/.claude/skills/mcp-audit

Then in Claude Code, type /audit-mcp to audit all your configured MCP servers.

Option 2: Copy Skill Files Manually

  1. Copy skills/mcp-audit/SKILL.md to ~/.claude/skills/mcp-audit/SKILL.md
  2. Copy commands/*.md to ~/.claude/commands/
  3. Restart Claude Code

Option 3: Enhanced Mode (pip packages)

For deeper analysis with actual server connectivity testing:

pip install mcp-server-govern mcp-server-tester mcp-health-monitor

The skill automatically detects installed packages and uses them for enhanced auditing.

Governance Rules (30 total)

| Category        | Rules | What It Checks                                          |
|-----------------|-------|---------------------------------------------------------|
| Access Control  | 7     | Auth, RBAC, tokens, IP allowlists, MFA                  |
| Security        | 6     | TLS, injection, secrets, sandboxing, dependencies       |
| Compliance      | 6     | Audit logging, GDPR, version pinning, change management |
| Data Governance | 5     | PII detection, classification, encryption, data flows   |
| Operations      | 6     | Health endpoints, rate limiting, monitoring, backups    |

Protocol Tests (39 total)

| Suite      | Tests | What It Checks                                 |
|------------|-------|------------------------------------------------|
| Protocol   | 10    | Initialize, ping, methods, JSON-RPC compliance |
| Tools      | 7     | Schemas, validation, error handling            |
| Resources  | 5     | URIs, MIME types, content retrieval            |
| Prompts    | 4     | Names, descriptions, rendering                 |
| Edge Cases | 7     | Null, oversized, malformed, UTF-8              |
| Security   | 6     | Injection, auth, info leakage                  |

Example Output

## MCP Audit Report — my-database-server
Date: 2026-04-17
Auditor: MCP Infrastructure Audit Suite v1.0

### Summary
| Category            | Score  | Risk Level |
|---------------------|--------|------------|
| Governance          | 87%    | MEDIUM     |
| Protocol Compliance | 36/39  | GOOD       |
| Health              | UP     | HEALTHY    |

### Top Findings
1. FAIL: SECRET_MANAGEMENT — API key hardcoded in mcp.json (CRITICAL)
2. WARN: RATE_LIMITING — No rate limits configured (HIGH)
3. FAIL: TLS_REQUIRED — Server using http:// endpoint (CRITICAL)
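
The two CRITICAL findings in the report above (SECRET_MANAGEMENT and TLS_REQUIRED), reproduced as a small static check over an mcp.json file. This is an added example, not the suite's own code: the `mcpServers` layout, the sample config, the name-based secret heuristic and the loopback exemption are all assumptions.

```python
import json
import re

# Constructed sample config; the "mcpServers" layout and all values are assumptions.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "my-database-server": {
      "url": "http://db.internal.example:8080/mcp",
      "env": {"API_KEY": "CONSTRUCTED-NOT-A-REAL-KEY", "LOG_LEVEL": "info"}
    },
    "docs-server": {
      "url": "https://docs.example/mcp",
      "env": {"API_KEY": "${DOCS_API_KEY}"}
    },
    "local-tool": {
      "command": "python",
      "args": ["server.py", "--token=CONSTRUCTED-NOT-A-REAL-TOKEN"]
    }
  }
}
"""

# Heuristic (assumption): a setting whose name suggests it carries a credential.
SECRET_NAME = re.compile(r"(key|token|secret|passw(or)?d)", re.I)
# A value that is only an environment reference (${VAR} or $VAR) is not hardcoded.
ENV_REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
# Assumption: plain HTTP to loopback is tolerated for local development.
LOOPBACK = re.compile(r"^http://(localhost|127\.0\.0\.1|\[::1\])([:/]|$)", re.I)


def audit_config(text):
    """Return a sorted list of (server, rule, severity) findings."""
    findings = set()
    for name, server in json.loads(text).get("mcpServers", {}).items():
        url = server.get("url", "")
        if url.lower().startswith("http://") and not LOOPBACK.match(url):
            findings.add((name, "TLS_REQUIRED", "CRITICAL"))
        # Credentials can sit in env values or in --flag=value arguments.
        pairs = list(server.get("env", {}).items())
        pairs += [a.lstrip("-").split("=", 1) for a in server.get("args", []) if "=" in a]
        for key, value in pairs:
            if SECRET_NAME.search(key) and value and not ENV_REFERENCE.match(str(value)):
                findings.add((name, "SECRET_MANAGEMENT", "CRITICAL"))
    return sorted(findings)

if __name__ == "__main__":
    for server, rule, severity in audit_config(SAMPLE_MCP_JSON):
        print(f"FAIL: {rule} ({severity}) in {server}")
```

A name-based heuristic misses credentials stored under innocuous keys and credentials embedded in URLs, so treat a clean result as a floor, not proof that the config is free of secrets.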

Why This Exists

The MCP ecosystem has 84K+ stars on awesome-mcp-servers. Teams are deploying MCP servers to production with:

  • No governance policies
  • No automated testing
  • No health monitoring

This skill fixes that gap. One command, full audit.

Part of the OpenClaw MCP Suite

| Tool             | What                               | Install                        |
|------------------|------------------------------------|--------------------------------|
| mcp-govern       | Governance & policy enforcement CLI | pip install mcp-server-govern  |
| mcp-test         | Protocol compliance testing CLI    | pip install mcp-server-tester  |
| mcp-health       | Health monitoring CLI              | pip install mcp-health-monitor |
| mcp-audit (this) | Claude Code skill wrapping all 3   | Clone to ~/.claude/skills/     |

License

MIT
