How to Audit an MCP Server in 60 Seconds (Automated Script)

Before you install any MCP server into your Claude or Cursor environment, run this script. It checks the 8 most common vulnerabilities in under a minute. Why This Matters MCP servers execute code inside your AI session. They have access to your filesystem, environment variables, and network. Most developers install them without review. I scanned 50 open-source MCP servers. 43 had at least one exploitable vulnerability. The most common: command injection via shell=True, path traversal in file tools, and hardcoded API keys in source. The Quick Audit Script Save this as audit_mcp.py and run it against any MCP server directory: #!/usr/bin/env python3 """Quick MCP server security audit.""" import os, re, sys from pathlib import Path FINDINGS = [] def check(severity, title, detail): FINDINGS.append((severity, title, detail)) icon = "X" if severity == "HIGH" else "!" if severity == "MEDIUM" else "OK" print(f"[{icon}] [{severity}] {title}") if detail: print(f" {detail}") def scan_files(root, e