Book a $1,000 Agent/MCP Audit Sprint #1
Unanswered
jackjin1997 asked this question in Q&A
Replies: 1 comment

Booking update: the public MCP Security Radar is now live. Radar: https://jackjin1997.github.io/agent-audit-sprint/mcp-security-radar.html Use it to see what the free scanner flags on popular browser, cloud, database, GitHub, Notion, Atlassian, and browser-control MCP repos before opening a paid scope. The fixed USD $1,000 audit remains one repo or product slice after written scope acceptance and payment confirmation.

Use this discussion for questions before opening a paid audit request.
Offer: fixed-price Agent/MCP Audit Sprint for one MCP server, agent tool surface, or tool-using product slice.
Price: USD $1,000 equivalent.
Current slot: one 48-hour async audit slot is available after written scope acceptance and payment confirmation.
Turnaround target: 48 hours after scope acceptance and payment confirmation.
Free Code Scanning triage: install the standalone GitHub Action with `uses: jackjin1997/agent-mcp-code-scan-action@v1` and `sarif: "true"`. It emits SARIF for GitHub Security without installing target dependencies, executing target code, or calling target live services.
Code Scanning workflow page: https://jackjin1997.github.io/agent-audit-sprint/mcp-code-scanning-github-action.html
Standalone Action repo: https://github.com/jackjin1997/agent-mcp-code-scan-action
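A minimal workflow that wires the two keys above into a job, as an added example and not the action's own documentation: only the action reference and the `sarif: "true"` input come from this page; the trigger, the checkout step, the permissions block and the separate upload step are assumptions, and the SARIF file path is a placeholder to be replaced with whatever the action's README documents.

```yaml
# Added example workflow, not the action's own documentation.
# Grounded in the page: the action reference and the sarif: "true" input.
# Assumptions (check the action's README before use): the trigger, the
# checkout step, and that the action writes a SARIF file which is then
# uploaded with github/codeql-action/upload-sarif; the file name is a
# placeholder.
name: agent-mcp-code-scan

on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read            # read-only checkout of the repo under review
  security-events: write    # needed to publish SARIF to GitHub Code Scanning

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Heuristic, no-execution scan: per the page it does not install target
      # dependencies, run target code, or call live services.
      - uses: jackjin1997/agent-mcp-code-scan-action@v1
        with:
          sarif: "true"

      # ASSUMPTION: the action writes SARIF to a file. Replace the placeholder
      # path with the one the action documents. `if: always()` uploads the
      # results even when the scan step itself marks the job as failed.
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: PLACEHOLDER_results.sarif
```

The `security-events: write` permission is what lets the upload step create Code Scanning alerts; without it the upload is rejected, so scope it to this job rather than granting it workflow-wide if the repo has other jobs.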
Free local triage: run the browser-only local scanner before booking: https://jackjin1997.github.io/agent-audit-sprint/scan.html. It reads selected local files in the browser, does not upload code, does not install dependencies, and does not execute target code.
Automated free triage: public GitHub repo intakes receive a no-execution scanner comment in the issue. The automation clones the public repo, reads files, runs the heuristic scanner, and does not install dependencies, execute target code, or call live services.
Payment path: ETH and SOL are ready now. If invoice-first processing is needed, ask here or choose "Need invoice/discussion first" in the intake form so billing details, payment method, and settlement evidence can be agreed before work starts.
Payment/start rule: do not send payment until scope is accepted in writing.
Best fit:
High-intent pages:
Sample reports:
Start here:
Do not paste secrets, private keys, cookies, customer data, or unsanitized production logs. For a paid sprint, open the intake issue first; work starts after scope is accepted and payment is confirmed.