mcpaudit CLI scans MCP configs for plaintext secrets and shell access
u/boblidhar shared `npx @bitofacoder/mcpaudit`, a local MIT-licensed TypeScript CLI that scans MCP server configs for plaintext tokens, supply-chain risks, and unrestricted shell access — and found real issues in their own setup.
Score breakdown
The tool surfaces real, exploitable MCP misconfigurations — including plaintext credentials and unrestricted shell access — that exist in local developer setups without the operator being aware of them.
- 01Tool is invoked via `npx @bitofacoder/mcpaudit`
- 02Reads configs from Claude Desktop, Claude Code, Cursor, and Windsurf
- 03Flags plaintext secrets, `@latest` supply-chain risk, HTTP transports, and shell-wrapped launches
u/boblidhar on r/mcp announced `npx @bitofacoder/mcpaudit`, a TypeScript CLI tool designed to audit MCP server configurations for security vulnerabilities. The tool parses config files from Claude Desktop, Claude Code, Cursor, and Windsurf, flagging four categories of risk: plaintext secrets, `@latest` dependency references (a supply-chain risk), HTTP transports, and shell-wrapped server launches. When the author ran it against their own setup, it uncovered a plaintext token and two servers with unrestricted shell access — concrete findings that motivated the post.
The optional `--deep` flag extends the scan by actually launching each configured server and inspecting the tools it exposes, flagging any that can execute shell commands, write to the filesystem, or call `eval`.
The optional `--deep` flag extends the scan by actually launching each configured server and inspecting the tools it exposes, flagging any that can execute shell commands, write to the filesystem, or call `eval`. The tool is fully local and explicitly designed never to print secret values, only flag their presence. It is MIT-licensed, written in TypeScript, and the GitHub repo includes a demo GIF. The author invited others running many MCP servers to share their own finding counts in the comments.
Key facts
- 01Tool is invoked via `npx @bitofacoder/mcpaudit`
- 02Reads configs from Claude Desktop, Claude Code, Cursor, and Windsurf
- 03Flags plaintext secrets, `@latest` supply-chain risk, HTTP transports, and shell-wrapped launches
- 04`--deep` flag launches each server and flags tools that can exec, write, or eval
- 05Author's own scan found a plaintext token and 2 servers with unrestricted shell access
- 06Tool is 100% local and never prints secret values
- 07MIT-licensed, written in TypeScript
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 11, 2026 · 08:34 UTC. How this works →