
Security Audit MCP Server

Audits npm package dependencies for security vulnerabilities with real-time checks and CVSS/CVE references.

javascript
Installation
Add the following to your MCP client configuration file.

Configuration

```
{
    "mcpServers": {
        "mcp_security_audit": {
            "command": "npx",
            "args": [
                "-y",
                "mcp-security-audit"
            ]
        }
    }
}
```

The Security Audit MCP Server analyzes npm package dependencies to identify security vulnerabilities in real time. It integrates with remote npm registries, provides detailed vulnerability reports with severity levels, and offers automatic fix recommendations to help you keep your projects safe.

How to use

You use this MCP server by configuring your MCP client to run the security audit tool as either a remote (HTTP) service or a local (stdio) process. The tool scans dependencies during your normal workflow, returns vulnerability details with CVSS scores and CVE references, and proposes upgrade paths when fixes are available. You can run it as part of your build or as a background check to continuously monitor your dependencies.

How to install

Prerequisites: you need Node.js and npm installed on your system to build and run the MCP server.

When integrating with Claude Desktop or a similar environment, install the Security Audit Tool for your MCP client by running the Smithery CLI directly through NPX:

```
npx -y @smithery/cli install @qianniuspace/mcp-security-audit --client claude
```

Additional MCP configuration options

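Option 1: Using NPX (Recommended)

This is the simplest path. You configure the MCP client to execute the tool via NPX so the runtime pulls the latest version when starting. The -y flag lets npx install the package without prompting, and the package name carries no version, so the release that runs is not fixed in the configuration. To pin one, append it to the package name as mcp-security-audit@<version>.

```
{
  "mcpServers": {
    "mcp_security_audit": {
      "command": "npx",
      "args": ["-y", "mcp-security-audit"]
    }
  }
}
```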
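An added example, not part of the project's documentation: a Node.js check that reads an MCP client configuration shaped like the ones on this page and reports, for each server started through npx, whether the package spec is pinned to an exact version, floats, or is a local path. The `mcp_security_audit_pinned` entry and its version `0.0.0` are constructed placeholders, and the function names are illustrative.

```javascript
// Added example: classify how each npx-launched MCP server entry is resolved.
// SAMPLE_CONFIG is constructed; "0.0.0" is a placeholder, not a real release.
const SAMPLE_CONFIG = {
  mcpServers: {
    mcp_security_audit: { command: "npx", args: ["-y", "mcp-security-audit"] },
    mcp_security_audit_pinned: { command: "npx", args: ["-y", "mcp-security-audit@0.0.0"] },
    mcp_security_audit_build: {
      command: "npx",
      args: ["-y", "/path/to/mcp-security-audit/build/index.js"],
    },
  },
};

// First non-flag argument is taken as the package spec.
// Assumption: only boolean flags such as -y are used (no "--package <name>").
function packageSpec(args) {
  return (args || []).find((a) => !a.startsWith("-")) ?? null;
}

// Classify a spec as "local-path", "pinned" (exact x.y.z) or "floating".
function classifySpec(spec) {
  if (/^(\.{0,2}\/|[A-Za-z]:[\\/])/.test(spec)) return "local-path";
  // Start at index 1 so the "@" of a scoped name (@scope/name) is skipped.
  const at = spec.indexOf("@", 1);
  const version = at === -1 ? "" : spec.slice(at + 1);
  // Dist-tags ("latest") and ranges ("^1.0.0") still float; only exact semver pins.
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(version) ? "pinned" : "floating";
}

// Collect one finding per mcpServers entry whose command is npx.
function auditConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    if (server.command !== "npx") continue;
    const spec = packageSpec(server.args);
    if (spec === null) continue;
    const autoInstall = server.args.some((a) => a === "-y" || a === "--yes");
    findings.push({ name, spec, status: classifySpec(spec), autoInstall });
  }
  return findings;
}

for (const f of auditConfig(SAMPLE_CONFIG)) {
  const note = f.autoInstall ? " (installs without prompt)" : "";
  console.log(`${f.name}: ${f.spec} -> ${f.status}${note}`);
}
```

To check a real client configuration, parse the file with `JSON.parse` and pass the result to `auditConfig`.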

Manual installation from source

If you prefer to build from source, clone the repository, install dependencies, and build the project. Then configure your MCP client to point at the built index file.

```
git clone https://github.com/qianniuspace/mcp-security-audit.git
cd mcp-security-audit
npm install
npm run build
```

```
{
  "mcpServers": {
    "mcp_security_audit_build": {
      "command": "npx",
      "args": ["-y", "/path/to/mcp-security-audit/build/index.js"]
    }
  }
}
```

Configuration notes

Configure the MCP client with the appropriate mcpServers entry that matches your deployment choice. If you run from a built index, ensure the path to index.js is correct for your environment.

Notes on outputs

The tool provides detailed vulnerability information including severity levels, fix recommendations, CVSS scores, and CVE references. You will receive responses that describe found vulnerabilities or a confirmation that no vulnerabilities were detected.

Available tools

real_time_scan

Performs real-time security vulnerability scanning of npm dependencies and aggregates results.

vulnerability_report

Generates a structured vulnerability report including severity, CVSS scores, and CVE references.

fix_recommendations

Provides automatic upgrade recommendations to fix detected vulnerabilities when possible.

cvss_scoring

Includes CVSS scores and vectors to help you prioritize remediation.