Server data from the Official MCP Registry
Static blast-radius audit for MCP servers before agent install. Manifest optional.
Static blast-radius audit for MCP servers before agent install. Manifest optional.
This is a well-designed security auditing tool for MCP servers with solid architecture and proper input validation. The codebase demonstrates good security practices: no hardcoded credentials, safe AST-based static analysis, and appropriate permission scoping. Minor findings include broad exception handling and limited validation in edge cases, but these do not constitute security vulnerabilities. The tool itself operates safely as a scanner and validator. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 8 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: AOS_VALIDATOR_TARGET_DIR
Environment variable: AOS_VALIDATOR_MCP_LOG
Environment variable: AOS_VALIDATOR_CALLER
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-aos-standard-mcp-blast-radius": {
"env": {
"AOS_VALIDATOR_CALLER": "your-aos-validator-caller-here",
"AOS_VALIDATOR_MCP_LOG": "your-aos-validator-mcp-log-here",
"AOS_VALIDATOR_TARGET_DIR": "your-aos-validator-target-dir-here"
},
"args": [
"mcp-blast-radius"
],
"command": "uvx"
}
}
}From the project's GitHub README.
See what any MCP server can actually touch — before you add it to your agent.
No manifest? You still get the full blast-radius report. Add a manifest to also catch divergences.
Also, if the server declares a manifest: Catch an MCP server that touches files it said it wouldn't — and block the merge in CI.
Statically extract what a third-party MCP server can reach (files, network, subprocess, env) via surface-level analysis. Compare against declared boundaries when a manifest is present.
1 — Install & scan
pip install mcp-blast-radius==0.2.2
mcp-blast-radius-gate --gate-mode advisory --target-dir /path/to/mcp-server
2 — Example target (any cloned MCP repo root)
git clone --depth 1 https://github.com/oraios/serena.git /tmp/serena
mcp-blast-radius-gate --gate-mode advisory --target-dir /tmp/serena
3 — Report findings — Open a GitHub issue with your JSON output (structured template loads automatically).
pip install mcp-blast-radius
mcp-blast-radius-gate --gate-mode blocking --target-dir /path/to/mcp-server
pipx run mcp-blast-radius starts the MCP stdio server (for Claude Desktop / Cursor). For CLI scanning, use mcp-blast-radius-gate as above.
python3 -m venv .venv
source .venv/bin/activate
pip install .
mcp-blast-radius # MCP stdio server
mcp-blast-radius-gate # CI gate (default blocking, exit 1 on fail)
mcp-blast-radius-gate --gate-mode blocking --target-dir .
# no divergences → exit 0 / divergences or declaration violations → exit 1
aos_compliance_validate — scan one MCP server directory (target_dir required; tool_id optional label)aos_compliance_self_test — wiring smoke testDefault gate_mode=advisory. Use gate_mode=blocking in CI to fail on divergences.
| Layer | Scope | Confidence |
|---|---|---|
| Dependencies | requirements.txt, pyproject.toml, package.json | declared |
| Python AST | imports, file I/O, network, env, subprocess; MCP tool attribution | observed-static / cannot-determine |
| Divergence | manifest permitted_output_paths / oracle_paths vs observed access | blocking when mismatch |
Limitations: Static analysis only. Dynamic imports, getattr/eval, obfuscation, and native extensions may hide capabilities. We do not claim complete coverage — every finding includes a confidence label.
| Variable | Purpose |
|---|---|
AOS_VALIDATOR_TARGET_DIR | Default scan root when target_dir is omitted |
AOS_VALIDATOR_MCP_LOG | JSONL path for local tool call log (never sent externally) |
AOS_VALIDATOR_CALLER | Caller label (ci, smoke_self_call, etc.) |
aos_compliance_validate target_dir=/path/to/my-mcp-server gate_mode=blocking
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.