agent-security-scanner-mcp and mcp-audit
About agent-security-scanner-mcp
sinewaveai/agent-security-scanner-mcp
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
Combines MCP integration with CLI flexibility, supporting Claude, Cursor, Windsurf, and OpenClaw. Its parallel architecture separates lightweight regex-based scanning (81.5KB ProofLayer) from enterprise features such as AST+taint analysis, cross-file data flow tracking, and LLM-powered semantic intent profiling. Generates CycloneDX SBOMs, cross-references them against OSV.dev for CVEs, and includes specialized detection for autonomous AI threats (prompt jailbreaks, unicode poisoning, malware signatures).
About mcp-audit
apisec-inc/mcp-audit
See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.
Performs static analysis of MCP configuration files across development tools (Claude Desktop, Cursor, VS Code, Windsurf, Zed) and GitHub repositories, using pattern matching to detect 25+ secret types and mapping findings to OWASP LLM Top 10 (2025). Exports results in multiple formats (JSON, CycloneDX AI-BOM, SARIF, CSV) for CI/CD integration and compliance workflows, with a browser-based GitHub scanner and local CLI tool that scans MCP configs without telemetry or network transmission.
Scores updated daily from GitHub, PyPI, and npm data.