Mcpaudit – static security scanner for MCP servers
First static analyzer for MCP servers catching command injection before you plug it in.
Find and fix web-app vulnerabilities in one command — SAST + DAST + AI, for devs who aren't security experts.
40 scanners in one command when GitHub Advanced Security already exists.
Web developers, small teams without dedicated security expertise
Snyk · Semgrep · GitHub Advanced Security
First static analyzer for MCP servers catching command injection before you plug it in.
Two neat ideas here: dual scores (Market vs Value) and side‑by‑side comparisons with filters for compliance and team size — those make vendor shortlists usable instead of noisy. The tech is pragmatic: a Google Sheet served via a PHP CSV proxy and parsed client‑side keeps the CMS trivial, but that approach could become a scaling or trust bottleneck as the dataset and verification needs grow. Visually the site looks sharp, but the long game depends on how rigorously listings are vetted and updated.
Catches malicious skills before they steal your AWS keys or pipe data exfiltration.
Yet another AI-to-shell wrapper in a category with a dozen established alternatives.
Yet another AI code review tool competing with CodeRabbit, Reviewable, and GitHub Copilot reviews.
Deterministic prompt linter flags injection, exfiltration, obfuscation before LLM runs—treats prompts as executable code.