Skip to content

mcp-check v0.3.0

Choose a tag to compare

@vigneshakaviki vigneshakaviki released this 10 Jul 21:36

Adds deeper MCP security checks from recent MCP security research and official guidance.

Highlights:

  • MCP009: detects SSRF-prone URLs, private network targets, cloud metadata endpoints, and dangerous URL schemes
  • MCP010: detects OAuth/bearer credentials, broad OAuth scopes, and unsafe OAuth endpoint URLs
  • Capability summary in terminal and JSON reports
  • New unsafe examples for private-network URLs and OAuth misconfiguration

Verification:

  • 10 tests passing
  • Package build succeeds
  • YAML workflow/action validation succeeds