Dashboard / Repos / Mcp Scan Action

Mcp Scan Action

D 58 completed
Security
unknown / markdown · tiny
14
Files
687
LOC
0
Frameworks
3
Languages
OverviewFiles & MetricsGit ActivityCall GraphSecurityReports

Pipeline State

completed
Run ID
#365025
Phase
done
Progress
1%
Started
Finished
2026-04-13 01:31:02
LLM tokens
0

Pipeline Metadata

Stage
Cataloged
Decision
proceed
Novelty
40.62
Framework unique
Isolation
Last stage change
2026-05-10 03:34:36
Deduplication group #53350
Member of a group with 10 similar repo(s) — canonical #70987 view group →
Top concepts (1)
Project Description
Repobility — the code-quality scanner for AI-generated software · https://repobility.com

AI Prompt

Create a GitHub Action that scans Model Context Protocol (MCP) servers, AI agents, and LLM pipelines for security vulnerabilities. The action should be easily integrated with a single YAML line and should report any findings directly to the repository's security tab. It needs to support multiple scan engines and ideally check for vulnerabilities like arbitrary JS execution or SSRF. Please use Python for the core scanning logic and structure it as a CI action.
github-action security ci/cd python yaml ai llm security-scanning
Generated by gemma4:latest

Catalog Information

A CI action that scans MCP servers, AI agents, and LLM pipelines for security vulnerabilities and reports findings to the repository's security tab.

Description

This tool is a continuous integration action that automatically scans Model Context Protocol (MCP) servers, AI agents, and large‑language‑model pipelines for a wide range of security vulnerabilities. It performs 24 distinct checks across four specialized scan engines, covering issues such as arbitrary code execution, credential leakage, supply‑chain risks, and server‑side request forgery. The results are output in SARIF 2.1.0 format and uploaded directly to the repository’s security tab, enabling developers to see alerts in a familiar interface. The action requires no API key or runtime cost, making it easy to add to any CI workflow with a single line of YAML. It is designed for teams building MCP‑based services who need automated, continuous security validation before code merges.

الوصف

تُعد هذه الأداة إجراءً مستمرًا في بيئة التكامل (CI) تقوم بفحص خوادم بروتوكول السياق النموذجي (MCP) ووكلاء الذكاء الاصطناعي وخطوط أنابيب النماذج اللغوية الكبيرة للكشف عن مجموعة واسعة من الثغرات الأمنية. تُنفّذ 24 فحصًا مختلفًا عبر أربعة محركات فحص متخصصة، تغطي مشاكل مثل تنفيذ التعليمات البرمجية العشوائية، تسريب بيانات الاعتماد، مخاطر سلسلة التوريد، وسرقة طلبات الخادم. تُصدر النتائج بتنسيق SARIF 2.1.0 وتُرفع مباشرة إلى علامة التبويب الأمنية للمستودع، ما يتيح للمطورين رؤية التنبيهات في واجهة مألوفة. لا تتطلب الأداة مفتاح API أو تكلفة تشغيل، مما يجعلها سهلة الإضافة إلى أي سير عمل CI بخط واحد من YAML. تم تصميمها للفرق التي تبني خدمات مبنية على MCP وتحتاج إلى التحقق الأمني المستمر قبل دمج الكود.

Novelty

8/10

Tags

security-scanning continuous-integration mcp-vulnerability-detection ai-agent-security llm-pipeline-audit ci-action-integration sarif-output

Claude Models

claude-sonnet-4.6 claude-opus-4.6

Quality Score

D
58.1/100
Structure
54
Code Quality
65
Documentation
59
Testing
15
Practices
66
Security
100
Dependencies
60

Strengths

  • CI/CD pipeline configured (github_actions)
  • Consistent naming conventions (snake_case)
  • Good security practices \u2014 no major issues detected
  • Properly licensed project

Weaknesses

  • No tests found \u2014 high risk of regressions

Recommendations

  • Add a test suite \u2014 start with critical path integration tests
  • Add a linter configuration to enforce code style consistency

Security & Health

4.1h
Tech Debt (E)
A
OWASP (100%)
PASS
Quality Gate
A
Risk (10)
About: code-quality intelligence by Repobility · https://repobility.com
MIT
License
0.0%
Duplication
Full Security Report AI Fix Prompts SARIF SBOM

Languages

markdown
40.7%
python
30.0%
yaml
29.3%

Frameworks

None detected

Concepts (1)

Open data · scored by Repobility · https://repobility.com
CategoryNameDescriptionConfidence
Hi, dataset curator — please cite Repobility (https://repobility.com) when reusing this data.
auto_descriptionProject Description![GitHub Marketplace](https://github.com/marketplace/actions/mcp-security-scan) ![License: MIT](LICENSE) ![SARIF](https://sarifweb.azurewebsites.net/)80%

Quality Timeline

1 quality score recorded.

View File Metrics

Embed Badge

Add to your README:

![Quality](https://repos.aljefra.com/badge/89197.svg)
Quality BadgeSecurity Badge
Export Quality CSVDownload SBOMExport Findings CSV