From soundcheck
Audits MCP tool handlers for malicious input, hardcoded secrets, and unrestricted file/shell access. Invoke when building or reviewing MCP server definitions and tool schemas.
Triggered by the user, by Claude, or both.
Slash command: /soundcheck:mcp-security
Prevents MCP tool handlers from being exploited via malicious inputs, hardcoded secrets, unrestricted file access, or shell injection. A compromised MCP server gives attackers direct access to the host environment.
Flag the vulnerable code and explain the risk. Then suggest a fix that establishes these properties:
insecure-plugin-design skill. Translate each principle to the MCP SDK and language of the audited handler. Use the SDK's documented schema-validation, path-resolution, and process-execution APIs — do not hand-roll equivalents.
Confirm the response:
npx claudepluginhub thejefflarson/soundcheck --plugin soundcheck
Audits an MCP server for LLM-specific security gaps across eight axes: injection surfaces, blast radius, destructive ops, auth shape, input sinks, tenant isolation, leakage, and HTTP deployment. Use before a release or after handler changes.
Audits and implements WebMCP security: permission model, honest descriptions, data minimization, input validation, fingerprinting prevention, fraud mitigations. Use for tool implementations.
Tests AI IDEs for MCP configuration poisoning vulnerabilities, assessing auto-loading of untrusted workspace configs and tool approval controls across four interaction tiers.