I built MCPSEC, a security gatekeeper for MCP (Model Context Protocol) toolchains.
It scans MCP configs, correlates vulnerability intel (OSV / GHSA / NVD), simulates tool abuse with an LLM-based probe agent, generates a policy + patch plan, applies hardening, then re-scans and gates CI on the final risk score.
The design is intentionally agentic:

- Inventory agent: parses MCP configs
- Intel agent: pulls vuln data (OSV / GHSA / NVD)
- Probe agent (LLM, optional): generates adversarial tool abuse prompts
- Policy agent (LLM, optional): turns findings into concrete config changes
- Orchestrator: merges results, scores risk, writes reports, applies patches

You can run it locally as a CLI or drop it into CI as a GitHub Action:

- It produces before/apply/after reports as artifacts
- It can fail PRs if the final risk score stays above a threshold
- Without an LLM token it works as a deterministic scanner; with one it becomes a true "security copilot"
Repo: https://github.com/yuvrajgitwork/MCP-toolchain-security-GK

Demo workflow: scan → apply → rescan → lower score
I built this because MCP toolchains are becoming powerful and over-privileged very quickly, and there’s basically no security gate for them yet.
Would love feedback from folks working in AI infra / security.
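As an added illustration of the scan → score → gate loop described above (this is example code written here, not code from the MCPSEC repo), the sketch below scans a config in the common `mcpServers` JSON layout, applies three deterministic rules, sums weighted findings into a risk score, and fails the gate above a threshold. The rules, weights, threshold, server names and package names are all my assumptions for the example; the second config shows what a re-scan looks like after the findings are fixed.

```python
"""Minimal MCP-config risk gate (illustrative; not MCPSEC's own code).

Assumptions (mine, not the project's): configs follow the
{"mcpServers": {name: {"command", "args", "env"}}} layout, rule weights
and the pass threshold are arbitrary, and package names are invented.
"""
import json
import re
from dataclasses import dataclass

# Constructed "before" config with three deliberately weak settings.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "fs": {"command": "npx",
               "args": ["-y", "example-fs-server", "/"]},
        "db": {"command": "node", "args": ["./db-server.js"],
               "env": {"DB_PASSWORD": "hunter2"}},
        "docs": {"command": "npx",
                 "args": ["-y", "example-docs-server@1.4.2", "./docs"]},
    }
})

# Constructed "after" config: scoped root, secret via reference, pinned package.
HARDENED_CONFIG = json.dumps({
    "mcpServers": {
        "fs": {"command": "npx",
               "args": ["-y", "example-fs-server@2.0.1", "./workspace"]},
        "db": {"command": "node", "args": ["./db-server.js"],
               "env": {"DB_PASSWORD": "${DB_PASSWORD}"}},
        "docs": {"command": "npx",
                 "args": ["-y", "example-docs-server@1.4.2", "./docs"]},
    }
})

SECRET_KEY = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE)", re.I)
BROAD_ROOTS = {"/", "~", "/home", "C:\\", "C:/"}


@dataclass(frozen=True)
class Finding:
    server: str
    rule: str
    weight: int
    detail: str


def _package_arg(args):
    """First non-flag argument; for npx-style launches this is the package spec."""
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def scan(config_text: str) -> list:
    """Return weighted findings for every server in the config."""
    cfg = json.loads(config_text)
    findings = []
    for name, spec in cfg.get("mcpServers", {}).items():
        args = spec.get("args", [])
        env = spec.get("env", {})
        # Rule 1: server handed a filesystem root far wider than it needs.
        for a in args:
            if a in BROAD_ROOTS:
                findings.append(Finding(name, "BROAD_FS_ROOT", 40, f"arg {a!r}"))
        # Rule 2: secret-looking env var with a literal value instead of a ${VAR} reference.
        for k, v in env.items():
            if SECRET_KEY.search(k) and not str(v).startswith("${"):
                findings.append(Finding(name, "INLINE_SECRET", 30, f"env {k}"))
        # Rule 3: package launched via npx without a pinned version (supply-chain drift).
        if spec.get("command") == "npx":
            pkg = _package_arg(args)
            if pkg is not None and not re.search(r"@\d", pkg):
                findings.append(Finding(name, "UNPINNED_PACKAGE", 20, f"package {pkg!r}"))
    return findings


def risk_score(findings) -> int:
    """Sum of finding weights, capped at 100."""
    return min(100, sum(f.weight for f in findings))


def gate(config_text: str, threshold: int = 50):
    """Scan, score, and decide pass/fail; returns (passed, score, findings)."""
    findings = scan(config_text)
    score = risk_score(findings)
    return score <= threshold, score, findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", HARDENED_CONFIG)):
        ok, score, findings = gate(cfg)
        for f in findings:
            print(f"[{f.rule}] {f.server}: {f.detail} (+{f.weight})")
        print(f"{label}: risk score {score}, gate {'PASS' if ok else 'FAIL'}")
```

Run as a script it prints the findings for the weak config (score 90, gate FAIL) and then the clean re-scan of the hardened config (score 0, gate PASS), which is the before/after shape a CI job would compare; in a real gate the threshold and weights would come from the policy rather than constants.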