Mcpsec

v1.0.4

Scan MCP server configuration files for security vulnerabilities using mcpsec (OWASP MCP Top 10). Use when: auditing MCP tool configs for prompt injection, h...

by Paul Frederiksen (@pfrederiksen)

Install

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for pfrederiksen/mcpsec.

Prompt (Install & Setup):

Install the skill "Mcpsec" (pfrederiksen/mcpsec) from ClawHub.
Skill page: https://clawhub.ai/pfrederiksen/mcpsec
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: mcpsec
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install mcpsec

ClawHub CLI

npx clawhub@latest install mcpsec

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description, required binaries, included script, and declared scan targets align: the wrapper discovers local MCP config files and runs the mcpsec binary to report findings. Nothing requested (no env vars or unrelated binaries) appears out of scope for a configuration scanner.
Instruction Scope
The SKILL.md and wrapper limit activity to reading local config paths and running mcpsec; the wrapper uses subprocess.run with shell=False and path sanitization. Important caveat: the skill cannot enforce the binary's runtime behavior — SKILL.md claims the binary makes no network calls per its source, but that must be independently verified. Also scan output can include sensitive secrets from configs (the wrapper prints results to stdout), so treat outputs as sensitive.
Install Mechanism
Instruction-only skill (no packaged installer). SKILL.md shows downloading pre-built releases from GitHub (a known host) and suggests verifying SHA256 checksums and/or building from source — this is an appropriate mitigation. The install commands provided are explicit about checksum verification; treat pre-built binaries from third parties as moderate supply-chain risk unless you verify.
Credentials
No environment variables, credentials, or configuration paths outside the stated scan targets are requested. The skill reads only local config files (which legitimately may contain API keys) and does not require unrelated secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and is user-invocable only. It does not attempt to persist credentials or alter system configuration.
Assessment
This wrapper appears to do only what it says: run the mcpsec scanner against local MCP config files. Before installing or running: (1) verify the mcpsec binary provenance (check the published SHA256 checksum or build from source); (2) run the scanner in an isolated environment (container/VM) if you are concerned about supply-chain risk; (3) treat scanner output as sensitive because config files may contain API keys/tokens; and (4) if you need a guarantee that the binary makes no network calls, review and build its source yourself rather than relying on the pre-built release. If any of these steps are impractical, consider not installing the pre-built binary.

Runtime requirements

Binaries: mcpsec

Latest version id: vk9731k1a1e5xevs77w043fxgpd83jf1j
137 downloads
0 stars
1 version
Updated 1 month ago
v1.0.4
License: MIT-0

MCPSec

Security scanner for Model Context Protocol (MCP) server configurations. Covers all 10 OWASP MCP Top 10 risk categories via pfrederiksen/mcpsec — an Apache 2.0 open-source Go binary.

⚠️ Trust Model & Security Considerations

This skill scans MCP config files that may contain API keys and tokens. Read this before installing.

Supply chain

The mcpsec binary is an external artifact from GitHub. Mitigate supply chain risk by verifying the SHA256 before running — do not skip this step.

Pinned checksums for v1.0.0:

e367cce46b1a152ccc8aedf2eeca5c6bcf5523b379a00a3f3704d61bf2b4fbca  linux_amd64
98e6ccf883b3a40cea817e19cecd5dc66ae1816bdaf0a58f7fcd8a46576321b0  linux_arm64
5ab2db3cc517f67600ace32f6dfacb15b2ce0b77319797a0431b105466379f3b  darwin_amd64
a9ea3b8d753f0332ddc7720a9778f870f42f523b589d12d8eed5030befa52ee9  darwin_arm64

For stronger guarantees, build from source: git clone https://github.com/pfrederiksen/mcpsec && cd mcpsec && make build

Sensitive data access

MCP config files may contain API keys and tokens. The scanner reads them to detect hardcoded secrets (MCP04) but does not write, transmit, or log them. The wrapper script (scan.py) makes no network calls. The binary makes no network calls per its source, but this skill cannot enforce the binary's runtime behavior — review the source or run in an isolated environment if you require certainty.

Network behavior

  • Wrapper script: no network calls
  • mcpsec binary: no network calls per source; cannot be verified at runtime by this skill

Isolation

For high-security environments, run in a container or VM, or audit the mcpsec binary source before use.

Usage

# Auto-discover and scan all known MCP config locations
python3 scripts/scan.py

# Scan a specific config file
python3 scripts/scan.py ~/Library/Application\ Support/Claude/claude_desktop_config.json

# Only show critical and high findings
python3 scripts/scan.py --severity critical,high

# JSON output (for dashboards/SIEM)
python3 scripts/scan.py --format json

# Quiet mode: only output if findings exist (good for cron)
python3 scripts/scan.py --quiet

Installing mcpsec

# macOS (Homebrew — tap is maintained by pfrederiksen)
brew install pfrederiksen/tap/mcpsec

# Linux amd64 — verify SHA256 BEFORE extracting
curl -L https://github.com/pfrederiksen/mcpsec/releases/download/v1.0.0/mcpsec_1.0.0_linux_amd64.tar.gz -o mcpsec.tar.gz
echo "e367cce46b1a152ccc8aedf2eeca5c6bcf5523b379a00a3f3704d61bf2b4fbca  mcpsec.tar.gz" | sha256sum -c -
# Only proceed if the above prints "mcpsec.tar.gz: OK"
tar -xzf mcpsec.tar.gz && mv mcpsec /usr/local/bin/mcpsec && chmod +x /usr/local/bin/mcpsec

# Build from source (strongest supply chain guarantee)
git clone https://github.com/pfrederiksen/mcpsec && cd mcpsec && make build
sudo mv mcpsec /usr/local/bin/
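As an added example (not code from the skill or the mcpsec project), the same verify-before-extract step in Python, keyed by the pinned per-platform checksums listed above; the script name in the usage comment is an assumption.

```python
"""Verify a downloaded mcpsec release archive against the checksums pinned in
this README before extracting it. Added illustration (not the skill's scan.py);
the checksum table is copied from the README's v1.0.0 list."""
import hashlib
import hmac
import platform
import sys

# Pinned SHA256 digests for the v1.0.0 release archives, from the README.
PINNED_SHA256 = {
    "linux_amd64": "e367cce46b1a152ccc8aedf2eeca5c6bcf5523b379a00a3f3704d61bf2b4fbca",
    "linux_arm64": "98e6ccf883b3a40cea817e19cecd5dc66ae1816bdaf0a58f7fcd8a46576321b0",
    "darwin_amd64": "5ab2db3cc517f67600ace32f6dfacb15b2ce0b77319797a0431b105466379f3b",
    "darwin_arm64": "a9ea3b8d753f0332ddc7720a9778f870f42f523b589d12d8eed5030befa52ee9",
}
# Go-style arch names, since the release archives are named <os>_<arch>.
_ARCH = {"x86_64": "amd64", "amd64": "amd64", "aarch64": "arm64", "arm64": "arm64"}

def release_target(system: str = platform.system(), machine: str = platform.machine()) -> str:
    """Map (OS, CPU) to the release key used in PINNED_SHA256, e.g. 'linux_amd64'."""
    arch = _ARCH.get(machine.lower())
    if arch is None:
        raise ValueError(f"no pinned checksum for architecture {machine!r}")
    return f"{system.lower()}_{arch}"

def sha256_file(path: str) -> str:
    """Hex SHA256 of a file, streamed so a large archive is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_archive(path: str, target: str) -> bool:
    """True only if the file's digest equals the pinned one for this target.
    Constant-time compare; an unknown target is a failure, never a pass."""
    expected = PINNED_SHA256.get(target)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_file(path), expected)

if __name__ == "__main__":
    # Usage (script name assumed): python3 verify_mcpsec.py mcpsec.tar.gz
    # Extract only when the exit status is 0.
    archive = sys.argv[1] if len(sys.argv) > 1 else "mcpsec.tar.gz"
    ok = verify_archive(archive, release_target())
    print(f"{archive}: {'OK' if ok else 'FAILED'}")
    sys.exit(0 if ok else 1)
```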

What It Scans

Auto-discovers configs at these paths:

  • ~/Library/Application Support/Claude/claude_desktop_config.json (Claude Desktop)
  • ~/Library/Application Support/Claude/Claude Extensions/ (DXT extensions)
  • ~/.cursor/mcp.json (Cursor)
  • ~/.vscode/mcp.json (VS Code)
  • ~/.openclaw/workspace/mcp-config.json (custom)

OWASP MCP Top 10 Coverage

ID     Risk                                     Severity
MCP01  Prompt injection in tool descriptions    High
MCP02  Excessive tool permissions               Critical/High
MCP03  Missing authentication                   Critical/High
MCP04  Hardcoded secrets in env vars            Critical
MCP05  Unsafe resource URIs (SSRF)              High
MCP06  Tool definition spoofing                 High/Medium
MCP07  Insecure transport (HTTP, weak TLS)      Critical/High
MCP08  Missing input validation schemas         Medium
MCP09  Missing logging/audit config             Medium/High
MCP10  No rate limiting                         Medium
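To make two rows of this table concrete, here is an added toy check for MCP04 and MCP07 run over a constructed config; it is my own illustration, not mcpsec's detection logic, and the secret-key and token-shape patterns are assumptions.

```python
"""Toy checks for two rows of the table above (MCP04 and MCP07), run over a
constructed config in claude_desktop_config.json layout. Added illustration of
what such findings look like; not mcpsec's detection logic, and the secret
patterns are assumptions."""
import json
import re

# Constructed sample: one hardcoded token, one plain-http remote, one clean server.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {"GITHUB_TOKEN": "ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE1234"},
        },
        "remote-tools": {"url": "http://tools.example.internal:8080/sse"},
        "safe": {"url": "https://tools.example.com/sse", "env": {"TOKEN": "${GITHUB_TOKEN}"}},
    }
})
# Assumed heuristics: a literal value under a credential-like key, or a known token shape.
_SECRET_KEY = re.compile(r"(?i)(key|token|secret|password)")
_TOKEN_SHAPE = re.compile(r"^(ghp_|sk-|xox[bp]-)[A-Za-z0-9_-]{10,}$")

def check_mcp04(name: str, server: dict) -> list[dict]:
    """MCP04: hardcoded secrets in env vars. A ${VAR} reference is not a secret."""
    findings = []
    for key, value in server.get("env", {}).items():
        if not isinstance(value, str) or value.startswith("${"):
            continue
        if _SECRET_KEY.search(key) or _TOKEN_SHAPE.match(value):
            findings.append({"id": "MCP04", "severity": "critical", "server": name, "env": key})
    return findings

def check_mcp07(name: str, server: dict) -> list[dict]:
    """MCP07: insecure transport, i.e. a remote server reached over plain http://.
    Whether to exempt loopback URLs is a policy choice; this toy does not."""
    url = server.get("url", "")
    if url.lower().startswith("http://"):
        return [{"id": "MCP07", "severity": "high", "server": name, "url": url}]
    return []

def scan_config(text: str) -> list[dict]:
    """Run both checks over every server in a config document, in file order."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        findings += check_mcp04(name, server) + check_mcp07(name, server)
    return findings
```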

Security Design (wrapper script)

  • subprocess used exclusively with shell=False
  • All file paths validated against an allowlist pattern before use
  • All exceptions caught by specific type — no bare except
  • Full type hints and docstrings throughout
  • Read-only — no config files are modified
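As an added illustration of the design points above (not the skill's own scan.py), a minimal wrapper that validates paths against an allowlist, builds an argument list for subprocess with shell=False, and redacts credential-looking values before printing; the allowlist pattern, the redaction rule and the "mcpsec scan --format" invocation are assumptions.

```python
"""Illustration of the wrapper design listed above: allowlisted paths, argv passed
to subprocess with shell=False, and secret-looking values redacted before output.
Added example, not the skill's scan.py; allowlist, redaction rule and flags are assumed."""
import os
import re
import subprocess
from typing import Optional

# Known MCP config files from the README's list (the DXT extensions dir is omitted).
KNOWN_CONFIGS = [
    "~/Library/Application Support/Claude/claude_desktop_config.json",
    "~/.cursor/mcp.json",
    "~/.vscode/mcp.json",
    "~/.openclaw/workspace/mcp-config.json",
]
# Assumed allowlist: absolute path of ordinary characters ending in .json, which
# rules out shell metacharacters, NUL bytes and lookalike unicode.
_SAFE_PATH = re.compile(r"^/(?:[\w .@-]+/)*[\w .@-]+\.json$")

def validate_path(path: str) -> Optional[str]:
    """Expand ~, reject '..' segments, and return the path only if it matches the allowlist."""
    expanded = os.path.abspath(os.path.expanduser(path))
    if ".." in path.split("/") or not _SAFE_PATH.match(expanded):
        return None
    return expanded

def discover_configs(exists=os.path.isfile) -> list[str]:
    """Validated KNOWN_CONFIGS entries that exist; 'exists' is injectable for tests."""
    return [p for p in map(validate_path, KNOWN_CONFIGS) if p and exists(p)]

def build_argv(config: str, fmt: str = "text") -> list[str]:
    """Argument vector for mcpsec: a list, never a string, so no shell parses it."""
    if fmt not in ("text", "json"):
        raise ValueError(f"unsupported format {fmt!r}")
    return ["mcpsec", "scan", "--format", fmt, config]  # subcommand and flag assumed

def redact(line: str) -> str:
    """Mask the value in KEY=value or "KEY": "value" pairs whose key looks like a credential."""
    return re.sub(r'(?i)("?[\w-]*(?:key|token|secret|password)[\w-]*"?\s*[:=]\s*"?)([^",\s]+)',
                  lambda m: m.group(1) + "***REDACTED***", line)

def run_scan(config: str) -> int:
    """Run mcpsec on one validated config with shell=False, printing redacted output."""
    safe = validate_path(config)
    if safe is None:
        raise ValueError(f"refusing to scan non-allowlisted path {config!r}")
    proc = subprocess.run(build_argv(safe), shell=False, capture_output=True, text=True)
    for line in proc.stdout.splitlines():
        print(redact(line))
    return proc.returncode
```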

System Access

  • Reads: MCP config JSON files at known paths (or paths you specify)
  • Executes: mcpsec scan binary — reads local config files only; no network calls per upstream source, but this cannot be enforced by the wrapper
  • No writes, no network calls from the wrapper script
  • Sensitive data note: config files may contain API keys or tokens; mcpsec reads them to detect hardcoded secrets but does not transmit them

Requirements

  • Python 3.10+
  • mcpsec binary on PATH — see install instructions above
