mcp-audit and agent-security-scanner-mcp

These tools are complements: agent-security-scanner-mcp provides agent-specific security scanning for vulnerabilities like prompt injection and package hallucination, while mcp-audit audits the MCP configurations themselves for exposed secrets and shadow APIs. Both are crucial for securing AI agents.

mcp-audit
54
Established
Maintenance 10/25
Adoption 10/25
Maturity 13/25
Community 21/25
Stars: 143
Forks: 35
Downloads:
Commits (30d): 0
Language: Python
License: MIT

agent-security-scanner-mcp
Maintenance 13/25
Adoption 9/25
Maturity 20/25
Community 10/25
Stars: 79
Forks: 6
Downloads:
Commits (30d): 0
Language: JavaScript
License: MIT
No Package No Dependents
No risk flags

About mcp-audit

apisec-inc/mcp-audit

See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.

Performs static analysis of MCP configuration files across development tools (Claude Desktop, Cursor, VS Code, Windsurf, Zed) and GitHub repositories, using pattern matching to detect 25+ secret types and mapping findings to OWASP LLM Top 10 (2025). Exports results in multiple formats (JSON, CycloneDX AI-BOM, SARIF, CSV) for CI/CD integration and compliance workflows, with a browser-based GitHub scanner and local CLI tool that scans MCP configs without telemetry or network transmission.

About agent-security-scanner-mcp

sinewaveai/agent-security-scanner-mcp

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

Combines MCP integration with CLI flexibility, supporting Claude, Cursor, Windsurf, and OpenClaw. Its parallel architecture splits lightweight regex-based scanning (81.5KB ProofLayer) from enterprise features such as AST+taint analysis, cross-file data flow tracking, and LLM-powered semantic intent profiling. Generates CycloneDX SBOMs, cross-references against OSV.dev for CVEs, and includes specialized detection for autonomous AI threats (prompt jailbreaks, Unicode poisoning, malware signatures).

Scores updated daily from GitHub, PyPI, and npm data.