Agent/MCP Audit Sprint

Pre-launch review

MCP Security Audit Checklist

A practical checklist for maintainers shipping MCP servers, agent tools, or tool-using products that can read data, write data, call APIs, or run in a remote transport.

Book the $1,000 sprint Ask before booking Run local scanner View audit service Generate request brief Markdown checklist
01

Tool Inventory

  • List every tool, resource, prompt, and external API call.
  • Classify each path as read-only, write, destructive, privileged, or external.
  • Document which tools are disabled by default and which require operator opt-in.
02

Transport Exposure

  • State whether stdio, local HTTP, remote HTTP, SSE, or WebSocket transports are supported.
  • Document bind address, trusted clients, proxy layer, CORS/origin assumptions, and TLS expectations.
  • Fail closed when remote mode is enabled without an explicit exposure policy.
03

Auth And Session Boundaries

  • Separate user identity, app identity, tool permission, and provider token scopes.
  • Check auth failures for each transport and each write-capable tool.
  • Make session expiry, refresh, revocation, and tenant isolation visible in tests.
04

Write Action Controls

  • Gate write, delete, publish, send, transfer, and execute actions behind explicit config.
  • Use dry-run or preview modes for high-impact operations.
  • Test that write tools are absent or blocked when the safe mode is active.
05

Schema And Input Constraints

  • Constrain strings with length, format, enum, and path rules where possible.
  • Reject path traversal, command fragments, unexpected URLs, and oversized payloads.
  • Keep tool descriptions clear enough that agents do not infer hidden permissions.
06

Secret Handling

  • Redact provider keys, cookies, Authorization headers, private keys, and account tokens.
  • Apply redaction to logs, thrown errors, telemetry, tool output, and report artifacts.
  • Test real object shapes from HTTP clients, SDK errors, and config loaders.
07

Prompt And Tool Injection

  • Treat tool output, retrieved documents, web pages, tickets, and logs as untrusted data.
  • Keep instructions separate from data when returning external content to an agent.
  • Test malicious tool output that asks the agent to call privileged tools or reveal secrets.
08

Release Gate

  • Run install, lint, typecheck, focused tests, and the heuristic scanner in CI.
  • Keep a launch note that lists accepted risks, owner, monitoring, and rollback path.
  • Block release when auth, secret redaction, or write-mode tests are missing.

Human review

Turn this checklist into a ranked report

The $1,000 Agent/MCP Audit Sprint covers one repo or product slice and returns a boundary map, ranked findings, test plan, and launch notes within the 48-hour target after scope and payment confirmation. Public GitHub repo intakes receive an automated no-execution scanner triage comment.

Start an audit Run local scanner Review terms