Mcp-Implementation-Security-Review
Mcp-Implementation-Security-Review is an code AI skill with a core value of |. It
helps developers solve real-world problems in the code domain, boosting
efficiency, automating repetitive tasks, and optimizing workflows.
|
Quick Facts
mkdir -p ./skills/mcp-implementation-security-review && curl -sfL https://raw.githubusercontent.com/github/awesome-copilot/main/skills/mcp-implementation-security-review/SKILL.md -o ./skills/mcp-implementation-security-review/SKILL.md Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# MCP Implementation Security Review
Process
Step 1 — Classify the target
- Check **MCP protocol version [2025-03-26](https://modelcontextprotocol.io/specification/2025-03-26) or later** (current: [2025-11-25](https://modelcontextprotocol.io/specification/2025-11-25)). Flag older versions as a finding but continue the review.
- Determine whether the target is a **server** or **client**.
- Classify transport as **network-exposed** or **local-only** using the transport reference below.
- Record transport, protocol version, and whether sessions exist.
**Completion criterion:** Target type, protocol status, and transport are identified.
Step 2 — Filter false positives
- Apply the **False Positive Filters** before opening findings.
- Keep docs only when they describe the repo's own server behavior, deployment, transport, or auth posture.
- For framework/SDK repositories, scope findings to the **default configuration** and **public API surface**.
**Completion criterion:** Remaining evidence is in-scope code, repo-owned docs, or public API behavior.
Step 3 — Check baseline controls
- For **network-exposed servers**, check **MCP-01** through **MCP-05**.
- For **local/STDIO servers**, do not mark baseline controls PASS/FAIL; give best-practice notes and continue to RCE review.
- For **clients**, only review token/session handling explicitly visible in client code; do not apply the server baseline unless the user asks for client-side risk review.
**Completion criterion:** Each applicable control has a supported status.
Step 4 — Check RCE vectors
- Review all 7 RCE vectors.
- Mark each vector **SAFE**, **AT RISK**, or **N/A**.
- Prefer direct evidence over inference; the RCE Vectors table below enumerates the patterns to look for.
**Completion criterion:** Every relevant tool has an RCE result or explicit N/A.
Step 5 — Check OWASP MCP Top 10
- Evaluate all 10 OWASP risks below.
- If a control from Step 3 already fully covers an OWASP risk, reference that result rather than re-checking.
- For local/STDIO servers, mark network-dependent OWASP risks (MCP07, MCP09) as N/A.
- Mark each risk PASS, FAIL, or NEEDS INVESTIGATION.
**Completion criterion:** All 10 OWASP risks have outcomes supported by observable evidence or referenced from Step 3.
Step 6 — Report
- Use the **Compliance Output Format** below.
- Include file/line references in every justification.
- Separate code findings from manual follow-ups.
- If evidence is incomplete, use **NEEDS INVESTIGATION** and name the missing artifact.
**Completion criterion:** The report includes controls, RCE, optional OWASP, and actions.
Reference
Decision rules
- **Network-exposed server:** Apply **all 5 controls**, then run RCE and requested OWASP checks.
- **Local/STDIO server:** Give **best-practice guidance only** for the 5 controls; still run RCE because tool input can execute locally.
- **Client:** Review received-token handling and refusal to trust server-provided session IDs; do not force server controls unless asked.
- **Reverse proxy or container exposure:** If traffic can reach the server over a network, treat it as **network-exposed** even if inner binding is localhost.
- **Unclear evidence:** Do not guess. Mark **NEEDS INVESTIGATION** and say what must be verified manually.
- **Ambiguous auth coverage:** Auth middleware exists but it is unclear whether it covers MCP endpoints → mark **NEEDS INVESTIGATION**.
- **Undeterminable transport:** If transport cannot be established from code, flag for manual review and do **not** assume STDIO — defaulting to STDIO would wrongly skip the server controls.
Transport classification
**Network-exposed (enforce all controls):**
| Pattern | Transport |
|---|---|
| `transport="http"` or `transport="sse"` | HTTP/SSE |
| `StreamableHttpServerTransport` | HTTP (TS/JS) |
| `SSEServerTransport` | SSE (TS/JS) |
| `WithHttpTransport()` | HTTP (C#) |
| `host="0.0.0.0"` | All-interfaces binding |
| Express `
🎯 Best For
- Engineering teams doing code reviews
- Open source maintainers
- Security auditors
- DevSecOps teams
- Compliance officers
💡 Use Cases
- Reviewing pull requests for security vulnerabilities
- Checking code style consistency
- Auditing dependencies for known CVEs
- Scanning API endpoints for auth gaps
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude or GitHub Copilot and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply Mcp-Implementation-Security-Review to Your Work
Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.
- 4
Review and Refine
Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.
❓ Frequently Asked Questions
Does this skill check for OWASP Top 10?
Security-focused review skills often include OWASP checks. Check the skill content for specific vulnerability categories covered.
Can this replace a dedicated SAST tool?
AI-based security review is complementary to SAST tools. Use it as a first-pass filter, not a replacement.
Is Mcp-Implementation-Security-Review compatible with Cursor and VS Code?
Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.
Do I need specific dependencies for Mcp-Implementation-Security-Review?
Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.
How do I install Mcp-Implementation-Security-Review?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/mcp-implementation-security-review/SKILL.md, ready to use.
⚠️ Common Mistakes to Avoid
Blindly accepting AI suggestions
Always verify AI-generated review comments. Some suggestions may not apply to your specific codebase conventions.
Only scanning surface-level issues
Deep security review requires understanding your app architecture, not just regex patterns.
Skipping validation
Always test AI-generated code changes, even for simple refactors.
Missing dependency updates
Check if the skill requires updated dependencies or new packages.