Agent/MCP Audit Sprint

48-hour async review for teams shipping agent tools

Agent/MCP Security Review Packages

Start with a $99 quick scan, a $299 focused review, or the $1,000 full audit sprint. I review agent and MCP products for the practical failure modes that break launches: tool boundaries, secrets, auth, prompt/tool injection, test gaps, and deployment assumptions.

Entry: $99 quick scan
Focused: $299 same-day review
Scope: 1 repo or product slice
Full: $1,000 sprint

What ships

A review a maintainer can act on immediately

01. Boundary Map

Every tool, transport, credential, external API, and write action mapped into read-only, write, destructive, and privileged paths.

02. Risk Findings

Ranked issues with reproduction steps, evidence, affected files, severity, impact, and the lowest-risk fix path.

03. Test Plan

Concrete tests for tool contracts, auth gates, secret redaction, retry behavior, and failure states that agents commonly trigger.

04. Launch Notes

Short handoff covering what to fix now, what to monitor, and what to defer without increasing customer-facing risk.

Sample evidence

Based on real public repos, not a synthetic demo

The sample audits cover five public-code targets: douban-mcp, a public MCP server + CLI with auth, write tools, and external scraping; firecrawl-mcp-server, a production MCP server with hosted/local transports, OAuth, monitor tools, and local parsing; browserbase/mcp-server-browserbase, a browser automation MCP server with stdio and HTTP transports, sessions, page actions, observation, and extraction tools; jackjin1997/sentinel, a self-owned autonomous incident-response agent; and jackjin1997/agentgap, a self-owned agent config and MCP bridge.

Open the douban-mcp sample report
Open the Firecrawl MCP sample report
Open the Browserbase MCP sample report
Open the Sentinel dogfood report
Open the AgentGap dogfood report
Compare all five sample reports

Example findings from the sample reports:

High: Remote SSE should document binding and exposure policy
Medium: Browserbase HTTP transport needs an explicit exposure matrix
Low: Operational logs should treat URLs, sessions, and downloads as sensitive artifacts
Pass: Browserbase sample passed pnpm install, build, and tests

Best fit

For founders and maintainers who already have something running

MCP servers with local or remote transports
Agent tools that touch user accounts or external APIs
CLI-to-agent bridges before a public launch
LLM workflows with write actions, publishing, or secrets
Small teams that need a senior outside review without a long consulting process
Open-source maintainers preparing a paid cloud or hosted version

Free triage tool

Run the same first-pass scanner before booking

The repo includes a browser scanner for public GitHub URLs, a private local-file scanner, a Node script, and a reusable GitHub Action that scan an agent or MCP codebase for review signals: transports, write actions, credential paths, auth gates, redaction, tests, and CI.

Open the MCP server security scan page
Open the AI agent security audit page
Open the AI Agent Security Radar
Open the MCP Security Radar
Use the GitHub Code Scanning workflow
Paste a public GitHub URL
Use the scanner
Open the MCP security checklist

Run: npm exec --yes github:jackjin1997/agent-audit-sprint -- /path/to/repo
JSON: npm --silent run audit:repo -- /path/to/repo --json
SARIF: uses: jackjin1997/agent-mcp-code-scan-action@v1 with sarif: "true"
Then: Book the paid sprint for human review and fix planning

Ready to start

Generate a clean audit request brief

Use this local-only builder to prepare the exact scope, delivery preference, and payment network before opening a GitHub request. Public GitHub repo requests get an automated no-execution scanner triage comment before paid scope acceptance.

Open request

Payment

Fixed price, crypto-ready, invoice-first friendly

Open an audit request, include the repo/product slice, and pay after scope is accepted. ETH, ERC-20 USDC/USDT/DAI, SOL, and SPL USDC are ready now; if you need an invoice-first discussion, choose that option in the intake form.

Review the Statement of Work before payment
Open the fixed $1,000 quote
  1. Open an intake issue with the repo, scope, preferred network, and asset.
  2. Pay $1,000 after scope is accepted, or request invoice discussion first.
  3. Reply with the transaction hash; the audit starts after confirmation.
Ethereum
Ethereum payment address: 0xa7F2235a77FBc4eCcbF60923BCDF6Df74eC710FF

Accepted assets after scope acceptance: ETH or ERC-20 USDC/USDT/DAI.

Solana
Solana payment address: 5CjUaMAsbXx2Hjczwoqi4MChTU1KjfUzbdiwPqZeceVM

Accepted assets after scope acceptance: SOL or SPL USDC.

Operator

Zexu Jin

Backend engineer focused on Agent Harness, Tool Use, MCP, Evals, and AI infrastructure.