mcp-check v0.3.0
Adds deeper MCP security checks from recent MCP security research and official guidance.
Highlights:
- MCP009: detects SSRF-prone URLs, private network targets, cloud metadata endpoints, and dangerous URL schemes
- MCP010: detects OAuth/bearer credentials, broad OAuth scopes, and unsafe OAuth endpoint URLs
- Capability summary in terminal and JSON reports
- New unsafe examples for private-network URLs and OAuth misconfiguration
Verification:
- 10 tests passing
- Package build succeeds
- YAML workflow/action validation succeeds