Connects to the Eren Security Auditor API to run AI-powered vulnerability scans on GitHub repositories. Exposes four tools: security_scan kicks off a full audit (1-10 minutes), audit_status checks progress, audit_list shows recent scans, and audit_stats aggregates findings across runs. Results include OWASP Top 10 and CWE classifications with risk scores and remediation guidance. Runs in stdio mode for Claude Desktop or HTTP for remote clients. Free tier gives you one scan per day, then it returns a 402 payment required response with USDC wallet instructions if you need more. Reach for this when you want security feedback on a codebase without running static analysis tools locally.
AI-powered code security auditor exposed via the Model Context Protocol (MCP). Scans GitHub repositories for vulnerabilities using LLM-powered analysis and returns structured findings with OWASP Top 10 and CWE references.
| Tool | Description |
|---|---|
security_scan | Run a full security audit on a GitHub repository (1-10 min) |
audit_status | Check the status of a running or completed audit |
audit_list | List recent security audits with summary info |
audit_stats | Get aggregate statistics (total audits, findings, risk scores) |
pip install mcp
AUDIT_ENDPOINT=https://your-api-host AUDIT_API_KEY=your-key python server.py --transport streamable-http --port 8200
Server runs at http://localhost:8200/mcp.
pip install mcp
AUDIT_ENDPOINT=https://your-api-host AUDIT_API_KEY=your-key python server.py --transport stdio
Add to ~/.claude/settings.json:
{
"mcpServers": {
"security-audit": {
"command": "python",
"args": ["path/to/server.py", "--transport", "stdio"],
"env": {
"AUDIT_ENDPOINT": "https://your-api-host",
"AUDIT_API_KEY": "your-key"
}
}
}
}
docker build -t mcp-security-audit .
docker run -p 8200:8200 -e AUDIT_ENDPOINT=https://your-api-host -e AUDIT_API_KEY=your-key mcp-security-audit
| Variable | Default | Description |
|---|---|---|
AUDIT_ENDPOINT | (required) | Audit API base URL |
AUDIT_API_KEY | (required) | API key for authentication |
PORT | 8200 | HTTP server port |
HOST | 0.0.0.0 | HTTP bind address |
SCAN_FREE_TIER | 1 | Free scans per day per client |
SCAN_PRICE_USD | 0.25 | Price in USD for paid scan (x402 payload) |
SCAN_WALLET_ADDRESS | (empty) | USDC/Base wallet address for payment instructions |
MCP_BILLING_DB | /opt/mcp-audit/billing.db | SQLite path for rate limit + API key data |
MCP_BILLING_ENABLED | true | Set to false to disable billing entirely |
Free tier: SCAN_FREE_TIER scans/day per session (default: 1). No key needed.
Paid tier: Unlimited scans. Pass an API key as the api_key parameter or in the X-API-Key header. Keys are generated after BTC payment confirmation.
Payment required (x402): When the free tier is exhausted and no valid API key is provided, security_scan returns a JSON payload with HTTP 402 semantics:
{
"error": "payment_required",
"http_status": 402,
"message": "Free tier exhausted (1 scan/day). Add X-API-Key header with a paid key, or pay $0.25 USDC to scan.",
"free_tier": { "scans_per_day": 1, "resets": "00:00 UTC" },
"payment": {
"price": "0.25",
"currency": "USDC",
"network": "base",
"address": "YOUR_WALLET_ADDRESS",
"message": "Pay $0.25 USDC on Base to https://eren-solutions.com/audit/pay"
}
}
Once connected via an MCP client:
> Use security_scan to audit https://github.com/juice-shop/juice-shop
Scanning juice-shop/juice-shop (master branch)...
Found 47 findings across 200 files.
Risk Score: 72/100
Critical: 3 | High: 8 | Medium: 15 | Low: 12 | Info: 9
Top findings:
- [CRITICAL] SQL Injection in /routes/search.ts (CWE-89)
- [CRITICAL] Insecure JWT Secret (CWE-798)
- [HIGH] XSS via DOM manipulation in /frontend/src/... (CWE-79)
MCP Client → MCP Server (this repo) → Audit API → Clone repo → LLM scan → Findings
The server proxies tool calls to the Eren Security Auditor API, which:
MIT
ray0907/git-mcp-server
cyanheads/git-mcp-server
io.github.b1ff/atlassian-dc-mcp-bitbucket
io.github.b1ff/atlassian-dc-mcp-jira
com.mcparmory/atlassian-jira
sirlordt/vscode-terminal-mcp