Auditing MCP Servers for Over-Privileged Tool Capabilities
Charoes Huang, Xin Huang, Amin Milani Fard

TL;DR
This paper introduces mcp-sec-audit, a toolkit for auditing MCP servers to detect and mitigate over-privileged capabilities that could be exploited, enhancing the security of LLM tool integrations.
Contribution
It presents an extensible security assessment toolkit combining static analysis and dynamic fuzzing for MCP servers, a novel approach for security auditing in this context.
Findings
Detects risky capabilities in MCP servers
Provides mitigation recommendations
Combines static pattern matching and sandboxed fuzzing
Abstract
The Model Context Protocol (MCP) has emerged as a standard for connecting Large Language Models (LLMs) to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution, that can be exploited if not properly secured. We present mcp-sec-audit, an extensible security assessment toolkit designed specifically for MCP servers. It implements static pattern matching for Python-based MCP servers and dynamic sandboxed fuzzing and monitoring via Docker and eBPF. The tool detects risky capabilities through configurable rule-based analysis and provides mitigation recommendations.
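To make the static, rule-based side of the abstract concrete, here is an added example (written for this page, not the mcp-sec-audit toolkit's own code or rule set) of how a capability audit over a Python MCP server can work: parse the server with `ast`, find functions registered as tools through a `@<server>.tool()` decorator (the decorator form used by the official Python SDK's FastMCP), and match the calls inside them against a small, hypothetical rule table that maps dotted call names to capability classes. It also records whether a tool parameter flows directly into the risky call and whether `subprocess` is invoked with `shell=True`, which is the difference between "has the capability" and "hands the capability to whoever controls the tool input". The sample server source and the rule table are constructed for the example.

```python
import ast
from dataclasses import dataclass

# Hypothetical rule table (an illustration, not the paper's rules):
# capability class -> dotted call names that grant it.
RULES = {
    "file_system": {"open", "os.remove", "os.unlink", "shutil.rmtree"},
    "network": {"requests.get", "requests.post", "urllib.request.urlopen",
                "socket.socket", "httpx.get"},
    "command_exec": {"subprocess.run", "subprocess.Popen", "subprocess.call",
                     "os.system", "os.popen"},
}

# One generic mitigation per capability class; a real tool would be more specific.
MITIGATIONS = {
    "file_system": "confine paths to an allow-listed root and resolve them before use",
    "network": "allow-list destination hosts; block link-local and metadata addresses",
    "command_exec": "avoid the shell, pass an argv list and allow-list the executable",
}


@dataclass
class Finding:
    tool: str          # name of the MCP tool function
    capability: str    # capability class from RULES
    call: str          # dotted name of the matched call
    line: int          # source line of the call
    arg_controlled: bool  # a tool parameter is passed straight into the call
    note: str          # extra escalation detail, e.g. shell=True
    mitigation: str


def _dotted(node):
    """Resolve `a.b.c` style call targets to a dotted string, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_tool(func):
    """True if the function carries a `@something.tool()` / `@tool` decorator."""
    for dec in func.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        name = _dotted(target) or ""
        if name == "tool" or name.endswith(".tool"):
            return True
    return False


def audit_source(source, filename="<mcp-server>"):
    """Return Finding objects for risky calls inside MCP tool functions."""
    tree = ast.parse(source, filename)
    lookup = {call: cap for cap, calls in RULES.items() for call in calls}
    findings = []
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not _is_tool(func):
            continue  # helpers are only interesting if a tool reaches them
        params = {a.arg for a in func.args.posonlyargs + func.args.args + func.args.kwonlyargs}
        for node in ast.walk(func):
            if not isinstance(node, ast.Call):
                continue
            name = _dotted(node.func)
            cap = lookup.get(name)
            if cap is None:
                continue
            # Does any argument expression reference a tool parameter directly?
            arg_exprs = node.args + [kw.value for kw in node.keywords]
            controlled = any(isinstance(n, ast.Name) and n.id in params
                             for expr in arg_exprs for n in ast.walk(expr))
            note = ""
            if cap == "command_exec":
                for kw in node.keywords:
                    if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                            and kw.value.value is True):
                        note = "shell=True"
            findings.append(Finding(func.name, cap, name, node.lineno,
                                    controlled, note, MITIGATIONS[cap]))
    return findings


# Constructed sample server: three over-privileged tools and one non-tool helper.
SAMPLE_SERVER = '''
from mcp.server.fastmcp import FastMCP
import subprocess, requests

mcp = FastMCP("demo")

@mcp.tool()
def run_cmd(command: str) -> str:
    """Run a shell command."""
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout

@mcp.tool()
def fetch(url: str) -> str:
    return requests.get(url, timeout=10).text

@mcp.tool()
def read_file(path: str) -> str:
    with open(path) as f:
        return f.read()

def helper():
    return subprocess.run(["ls"])
'''

if __name__ == "__main__":
    for f in audit_source(SAMPLE_SERVER):
        flag = " [input-controlled]" if f.arg_controlled else ""
        print(f"{f.tool}: {f.capability} via {f.call} (line {f.line}){flag} {f.note}"
              f"\n    mitigation: {f.mitigation}")
```

Running it flags `run_cmd` (command execution with `shell=True` on a tool argument), `fetch` (outbound network with a caller-chosen URL) and `read_file` (unconstrained file read), while the non-tool `helper` is ignored because nothing exposed over MCP reaches it. The obvious gaps are the ones the abstract's dynamic stage exists to close: aliased imports (`import subprocess as sp`), calls reached only through helpers, and capabilities obtained at runtime (`getattr`, `importlib`) are invisible to a name-matching pass, which is why a sandboxed run with syscall-level monitoring is the complementary check.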
Taxonomy
Topics: Scientific Computing and Data Management · Model-Driven Software Engineering Techniques · Software System Performance and Reliability
