frontpage.

MCP servers let AI assistants (Claude, Copilot, Cursor) interact with databases, APIs, and filesystems. I've been reviewing a lot of these — both open-source and internal — and keep finding the same issues: hardcoded API keys, eval() on user input, SQL injection via string concatenation, wildcard permissions, disabled TLS.

So I built a static analysis scanner specifically for MCP servers. It runs 7 analyzers (secrets, static code, prompt injection, SQL/command injection, permissions, network, dependencies) and takes ~45ms on a typical server.

Usage:

  npx mcp-security-auditor scan ./my-mcp-server

No account, runs locally. Outputs text, JSON, SARIF (for GitHub Security tab), HTML, or Markdown. Has a CI mode that exits non-zero above a severity threshold.

Available on both npm and PyPI. MIT licensed.

npm: https://www.npmjs.com/package/mcp-security-auditor PyPI: https://pypi.org/project/mcp-security-auditor/ Dev.to writeup with examples: https://dev.to/prabhu_raja_fe2261464cb8e/how-to-scan-your-mc...

Would love feedback on detection patterns — there are definitely gaps I haven't covered yet.

DIY build log: Human society v1.0.0

Show HN: PortLume AI – Auto-generate portfolios from GitHub and AI job tools

China is becoming a green superpower as Trump retreats from climate goals

Show HN: Raft – Open-source tab manager because extensions have trust issues

The Mathematician Lifting the Lid on Trump's "Attacks"

Measuring AI agent autonomy in practice

Agentic Engineering in Practice

Analytical Queries on the GPU

Show HN: Axon – Let coding agents develop their own framework on Kubernetes

Show HN: RepoSweeper – Bulk GitHub action: archive, delete, collab, visibility

Real-time global intelligence dashboard

Show HN: TextWeb – Text-grid browser for AI agents, no screenshots needed

Show HN: EasyMemory – 100% local memory layer and MCP for LLMs

A Display Powered by Air: 3D Printed Microfluidic Multiplexing [video]

We're Measuring Data Center Sustainability Wrong

Google DeepMind wants to know if chatbots are just virtue signaling

Laser-etched glass can store data for 10k years, Microsoft says

Show HN: SpeechDock – Transcribe any audio on your Mac, not just your microphone

Show HN: Credential Shield Protocol – Server-blind breach checking for passwords

Ask HN: How do you employ LLMs for UI development?

Ford to follow Tesla Cybertruck with electrical tech in new EV pickup

Show HN: Recycle Abroad, Recycling Overview

Four Futures for Jobs in the New Economy: AI and Talent in 2030

The Roles of People in AI-Era Cognition-Driven Companies

Neoliberalism as Corporate Power (2020)

Dutch police arrest man for "hacking" after accidentally sending him files

Show HN: LLM-use – cost-effective LLM orchestrator for agents

Salt: Systems Programming, Mathematically Verified

Show HN: Learn GPU programming with coding agents

Show HN: Cerebro – A hosted AI agent with real browser, web search, and email

Show HN: Open-source security scanner for MCP (Model Context Protocol) servers