The audit module scans MCP servers by enumerating exposed tools, resources, and prompts, then running security checks mapped to the OWASP MCP Top 10, MITRE ATLAS, CWE, and OWASP Agentic Top 10. It produces structured findings with severity ratings and remediation guidance.Documentation Index
Fetch the complete documentation index at: https://docs.q-uestionable.ai/llms.txt
Use this file to discover all available pages before exploring further.
What It Tests
MCP servers execute real actions — running commands, querying databases, writing files. When misconfigured or compromised, they can leak credentials, escalate privileges, inject instructions into agent workflows, or execute arbitrary commands. The audit module checks for these issues systematically.How It Works
The audit scanning pipeline follows four steps:- Connect — Establish a connection to the target MCP server (stdio, SSE, or Streamable HTTP)
- Enumerate — Discover all tools, resources, and prompts exposed by the server
- Scan — Run each scanner module against the server’s attack surface (static analysis, dynamic probing, or both)
- Report — Output findings in JSON, SARIF, HTML, NDJSON, or CSV format with framework mappings
Scanner Categories
The audit module includes 10 scanner modules, each targeting one OWASP MCP Top 10 category:| Scanner | Category | Checks |
|---|---|---|
token_exposure | Token Mismanagement & Secret Exposure | Credential leakage in schemas, responses, error messages |
permissions | Privilege Escalation via Tools | Excessive tool counts, dangerous categories, unconstrained parameters |
tool_poisoning | Tool Poisoning | Embedded instructions, Unicode tricks, suspicious patterns |
supply_chain | Supply Chain & Integrity | Server identity, CVE checking, tool provenance |
injection | Command Injection via Tools | Shell injection, argument injection, path traversal payloads |
prompt_injection | Indirect Prompt Injection | Injection patterns in tool responses |
auth | Insufficient Authentication/Authorization | Unauthenticated enumeration, unencrypted transports |
audit_telemetry | Insufficient Audit & Telemetry | Logging, monitoring, error handling capabilities |
shadow_servers | Shadow MCP Servers | Development markers, unmanaged deployment indicators |
context_sharing | Context Over-Sharing | Session data leakage, context oversharing, resource scope |
Report Formats
Generate findings in any format:- JSON — Programmatic consumption, database integration
- SARIF — GitHub Code Scanning integration, CI/CD automation
- HTML — Human-readable reports with interactive navigation
- NDJSON — Streaming format for large scan results
- CSV — Spreadsheet analysis and reporting
Framework Mapping
Every finding is mapped to multiple security frameworks:- OWASP MCP Top 10 — Agentic AI security framework specific to MCP
- OWASP Agentic Top 10 — Broader agentic AI security categories
- MITRE ATLAS — Machine learning attack tactics and techniques
- CWE — Software weakness catalog for root cause tracking
What to Expect
Audit is automated. Runqai audit scan, select scanners (or run all), and get a structured report. No manual iteration, no payload crafting. Scanners can be individually selected via --checks. New scanners can be added by subclassing BaseScanner and registering in the scanner registry.
Next Steps
- Audit CLI — Scan commands, flags, and options
- Scanner Catalog — Detailed description of each scanner
- Framework Coverage — Mapping tables for OWASP, MITRE, and CWE
- SARIF Output — Report format and CI integration
- Fixtures — Vulnerable test servers for scanner validation