MCP Safety Audit: LLMs with the Model Context Protocol Allow Major Security Exploits Brandon Radosevich*, John Halloran*
Paper: https://www.arxiv.org/abs/2504.03767
MCPSafetyScanner is a safety auditor for Model Contenxt Protocol (MCP) servers. Point it at your MCP server config file and the software will use multiple agents to audit your setup and produce a safety report. Developers can use this info to patch exploits and users can use this info to harden their system.
Claude Desktop Users can find their MCP server config files at:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
git clone https://github.com/johnhalloran321/mcpSafetyScanner
cd mcpSafetyScanner
python -m pip install -e .
An example MCP config is supplied in the examples of the repo. After updating the relevant directories and access credentials, you can perform a safety audit with the installed software by running:
export OPENAI_API_KEY="YOUR_API_KEY"
python3 mcpsafety/scanner/scan.py --config examples/example_config.json
The report would thus alert developers to screen for ~/.ssh/authorized_keys and *.pem files, while also placing direct guardrails around printing environment variables with sensitive information (e.g., api keys). The report would thus alert users to be cautious of providing paths containing .ssh/authorized_keys or *.pem files, and, alternatively, restrict user write permissions to such files.
The software requires python >= 3.11.
If using conda and npx is not installed, run
conda install conda-forge::nodejs
If you use this code in your research, please cite:
@article{radosevich2025mcp,
title={MCP Safety Audit: LLMs with the Model Context Protocol Allow Major Security Exploits},
author={Radosevich, Brandon and Halloran, John},
journal={arXiv preprint arXiv:2504.03767},
year={2025}
}