mcp-armor and mcp-audit

mcp-armor continuously secures and monitors Model Context Protocol (MCP) operations by scanning agent-to-tool communications for risks. mcp-audit audits MCP configurations for exposed secrets, shadow APIs, and AI models, and generates AI-BOMs for compliance. The two are complementary tools for a comprehensive MCP security posture.

mcp-armor: 61 (Established)
Maintenance 13/25, Adoption 15/25, Maturity 22/25, Community 11/25
Stars: 112
Forks: 9
Downloads: 422
Commits (30d): 0
Language: Python
License: Apache-2.0
No risk flags

mcp-audit: 54 (Established)
Maintenance 10/25, Adoption 10/25, Maturity 13/25, Community 21/25
Stars: 143
Forks: 35
Downloads:
Commits (30d): 0
Language: Python
License: MIT
No Package, No Dependents

About mcp-armor

aira-security/mcp-armor

MCP Armor continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.

Performs auto-discovery of MCP server configurations across Cursor, Claude Desktop, VS Code, and other Agentic IDEs, then catalogs available tools, resources, and prompts before running specialized security checks for prompt injection, tool poisoning, cross-server shadowing, and command injection. Includes baseline drift detection to identify rug pull attacks and component modifications, with audit trails and JSON/Markdown reporting. All analysis runs locally using the open-source FT-Llama-Prompt-Guard-2 model from Hugging Face.

About mcp-audit

apisec-inc/mcp-audit

See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.

Performs static analysis of MCP configuration files across development tools (Claude Desktop, Cursor, VS Code, Windsurf, Zed) and GitHub repositories, using pattern matching to detect 25+ secret types and mapping findings to OWASP LLM Top 10 (2025). Exports results in multiple formats (JSON, CycloneDX AI-BOM, SARIF, CSV) for CI/CD integration and compliance workflows, with a browser-based GitHub scanner and local CLI tool that scans MCP configs without telemetry or network transmission.

Scores updated daily from GitHub, PyPI, and npm data.