MCP-customs: NPM audit, but for MCP servers

mcpcustoms | 1 pts | 0 comments

GitHub - mcpcustoms/mcp-customs: Inspect an MCP server before you let it through. Offline, zero telemetry. · GitHub


mcp-customs

Inspect an MCP server for common security risks before you install it.
Runs fully offline. No telemetry, no cloud upload, no account.

npx mcp-customs scan ./some-mcp-server

──────────────────────────────────────────────────────
MCP-CUSTOMS INSPECTION REPORT
──────────────────────────────────────────────────────
target          ./some-mcp-server
files scanned   14
score           62 / 100
stamp           [ REVIEW ]
──────────────────────────────────────────────────────
[HIGH] MCP002 — Unsanitized file path (possible path traversal)
  server.js:41  return fs.readFileSync(userPath, 'utf8');
  fix: Resolve the path against an allowed base directory ...

Why

Developers install MCP servers the way they used to install npm packages — quickly, trusting the name, and moving on. An MCP server can read your files, call your APIs, and execute commands on your behalf. Almost nobody checks what it can actually do before connecting it to their agent.

mcp-customs is the "audit before install" step, run locally, in seconds.

What it checks (v0.1)

| Rule | Severity | What it looks for |
|------|----------|-------------------|
| MCP001 | critical | Shell command execution with unsanitized interpolation |
| MCP002 | high | File reads/writes without a path-traversal guard |
| MCP003 | critical | eval() / dynamic code execution |
| MCP004 | high | Hardcoded API keys / credentials |
| MCP005 | critical | Tool descriptions containing hidden-instruction language (prompt injection via the tool's own metadata) |
| MCP006 | medium | Outbound network calls combined with environment-variable reads (possible exfiltration) |
| MCP007 | low | No permissions/scopes declared in the manifest |

These are heuristic, regex-based checks — fast and fully auditable in one sitting, not a dataflow analysis. They will produce false positives and will miss things a deeper analysis would catch. Treat a CLEARED stamp as "nothing obvious," not "verified safe."
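The MCP002 finding in the sample report flags `fs.readFileSync(userPath, 'utf8')` and suggests resolving the path against an allowed base directory. The following is an added example, not code from mcp-customs, showing the flagged pattern beside one guarded form, including the sibling-prefix and symlink cases; `readUnguarded`, `readGuarded` and `demo` are hypothetical names and the directory tree is constructed.

```javascript
// Added example, not mcp-customs code. All function names here are hypothetical.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// The pattern from the sample report: a caller-controlled path goes straight to fs.
function readUnguarded(userPath) {
  return fs.readFileSync(userPath, 'utf8');
}

// Guarded form: resolve against an allowed base directory, then check containment.
function readGuarded(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) {
    throw new Error('invalid path');
  }
  // realpathSync follows symlinks, so a link inside baseDir that points outside is caught.
  const base = fs.realpathSync(baseDir);
  const target = fs.realpathSync(path.resolve(base, userPath));
  // path.relative avoids the startsWith() mistake where "/srv/data-old" passes for "/srv/data".
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes allowed directory');
  }
  return fs.readFileSync(target, 'utf8');
}

// Constructed sample tree: data/ is the allowed base, data-old/ is a sibling outside it.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'mcp002-'));
  const base = path.join(root, 'data');
  const outside = path.join(root, 'data-old', 'secret.txt');
  fs.mkdirSync(base);
  fs.mkdirSync(path.dirname(outside));
  fs.writeFileSync(path.join(base, 'notes.txt'), 'ok');
  fs.writeFileSync(outside, 'secret');
  fs.symlinkSync(outside, path.join(base, 'link.txt'));
  const attempt = (p) => {
    try { return readGuarded(base, p); } catch (e) { return 'REJECTED: ' + e.message; }
  };
  const out = {
    unguarded: readUnguarded(path.join(base, '../data-old/secret.txt')),
    legit: attempt('notes.txt'),
    dotdot: attempt('../data-old/secret.txt'),
    absolute: attempt(outside),
    symlink: attempt('link.txt'),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```

Calling `demo()` returns the result of each read attempt. The check-then-read sequence in `readGuarded` is still racy if another process can replace files inside the base directory between the two calls.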

CI usage

# .github/workflows/mcp-customs.yml
- run: npx mcp-customs scan . --sarif results.sarif --fail-on high
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Get a badge for your README

npx mcp-customs scan . --badge --name your-server-name

Roadmap

Publish scan results to a public registry (mcp-customs.dev) with searchable trust scores

Dynamic/sandboxed analysis (catch what static checks miss)

Python-specific AST checks (current Python rules are regex-only)

Community flagging / verification on registry entries

License

Apache-2.0. No open-core trap — this CLI stays free either way. If a hosted registry/dashboard ships later, that's a separate paid product; this tool's local scanning will never require it.
