Show HN: Open-source security scanner for MCP (Model Context Protocol) servers (www.npmjs.com)

A new open-source tool, the MCP Security Auditor, has been released to enhance the security of Model Context Protocol (MCP) servers, which are essential for AI assistants like Claude and Copilot. This scanner identifies vulnerabilities, hardcoded secrets, injection risks, and misconfigurations early in the development process, allowing developers to mitigate these risks before deployment. It works seamlessly with any MCP server built using frameworks like the official MCP SDK, FastMCP, and supports languages such as TypeScript, JavaScript, and Python. The significance of this tool lies in its ability to safeguard AI infrastructure by preventing potential leaks or breaches caused by configuration errors. By detecting issues such as hardcoded API keys, unsafe commands, and insecure network settings, developers can maintain the integrity of their systems. The MCP Security Auditor offers various output formats—including text, JSON, and HTML reports—for easy integration into CI/CD workflows, enhancing overall security practices in the rapidly evolving AI landscape.