Auditing MCP Servers for Over-Privileged Tool Capabilities
This addresses security vulnerabilities in MCP servers for AI/ML tool integration, but it is incremental as it builds on existing security assessment methods.
The paper tackles the security problem of over-privileged capabilities in Model Context Protocol (MCP) servers, which can be exploited, and presents mcp-sec-audit, a toolkit that detects risky capabilities through static and dynamic analysis.
The Model Context Protocol (MCP) has emerged as a standard for connecting Large Language Models (LLMs) to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly secured. We present mcp-sec-audit, an extensible security assessment toolkit designed specifically for MCP servers. It implements static pattern matching for Python-based MCP servers and dynamic sandboxed fuzzing and monitoring via Docker and eBPF. The tool detects risky capabilities through configurable rule-based analysis and provides mitigation recommendations.