CuratedMCP
Free forever — no account required

MCP Auditor

One command scans every MCP server on your machine and flags anything that looks risky. Works with Claude Desktop, Cursor, Claude Code, and Windsurf.

Sample output

MCP Security Audit — 2026-04-06

Found 4 config files. 12 servers detected.

HIGH RISK (2)

filesystem-mcp — UNVERIFIED, FILE_SYSTEM_ACCESS

~/.cursor/mcp.json — npx filesystem-mcp --allow-write /Users

unknown-tool — CREDENTIAL_IN_ENV

~/Library/Application Support/Claude/claude_desktop_config.json

VERIFIED (8)

✓ stripe-mcp, github-mcp, notion-mcp ...

⚡ Auditor Pro — get weekly email alerts for new risks

https://curatedmcp.com/auditor#pro

What it checks

Credential leaks

Detects SECRET, TOKEN, API_KEY inside env blocks

Filesystem access

Flags --allow-write and broad path arguments

Unverified servers

Checks against the CuratedMCP verified catalog
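
A minimal sketch of the three checks listed above, as an added example and not the auditor's own source. The mcpServers layout is the one Claude Desktop and Cursor configs use; the catalog contents, the definition of a "broad" path, and the HIGH rating rule are assumptions.

```javascript
// Added illustration, not the @curatedmcp/auditor source.
// Assumed catalog contents (names taken from the page's sample output).
const VERIFIED = new Set(["stripe-mcp", "github-mcp", "notion-mcp"]);
// Env key names that suggest an inline secret (the three patterns the page lists).
const SECRET_KEY = /SECRET|TOKEN|API_KEY/i;
// Assumed definition of a "broad" path: root, the parent of all homes, or a whole home directory.
const BROAD_PATH = /^(\/|~\/?|\/(Users|home)(\/[^/]+)?\/?)$/;

function auditServer(name, server) {
  const flags = [];
  const args = server.args || [];
  if (!VERIFIED.has(name)) flags.push("UNVERIFIED");
  if (args.includes("--allow-write") || args.some((a) => BROAD_PATH.test(a))) {
    flags.push("FILE_SYSTEM_ACCESS");
  }
  const leakedKeys = Object.keys(server.env || {}).filter((k) => SECRET_KEY.test(k));
  if (leakedKeys.length > 0) flags.push("CREDENTIAL_IN_ENV");
  // Assumed rating rule: a filesystem or credential finding makes the server HIGH.
  const high = flags.includes("FILE_SYSTEM_ACCESS") || flags.includes("CREDENTIAL_IN_ENV");
  // Report key names only, never the secret values.
  return { name, flags, high, leakedKeys };
}

function auditConfig(config) {
  return Object.entries(config.mcpServers || {}).map(([n, s]) => auditServer(n, s));
}

// Exit status for CI: 1 when any server is HIGH, as the page describes.
function exitCodeFor(findings) {
  return findings.some((f) => f.high) ? 1 : 0;
}

// Constructed sample config; the env value is a placeholder, not a real key.
const sampleConfig = {
  mcpServers: {
    "filesystem-mcp": { command: "npx", args: ["filesystem-mcp", "--allow-write", "/Users"] },
    "notion-mcp": { command: "npx", args: ["notion-mcp"], env: { NOTION_API_KEY: "constructed-placeholder" } },
    "github-mcp": { command: "npx", args: ["github-mcp"] },
  },
};

const findings = auditConfig(sampleConfig);
for (const f of findings) console.log(f.high ? "HIGH" : "ok", f.name, f.flags.join(", "));
console.log("exit code:", exitCodeFor(findings));
```

Matching on env key names rather than values keeps secrets out of the report, at the cost of missing credentials stored under innocuous names.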

Free

$0 forever

  • Runs entirely on your machine — no data sent anywhere
  • No install required — just npx
  • Exit code 1 on HIGH risk — works in CI
  • --json flag for scripting and automation
  • --offline flag for air-gapped environments
  • Open source — MIT license

Auditor Pro

$9 /month

  • Immediate email alert when a new HIGH-risk server appears
  • Full scan history — see how your risk profile changes over time
  • Weekly reminder email if you haven't scanned in 7+ days
  • Dashboard showing all past scans, diffs, and trends
  • Sync results with --key flag: npx @curatedmcp/auditor --key cmcp_...

Cancel anytime · Billed via Stripe


How Auditor Pro works

  1. Buy Auditor Pro — you'll receive a license key by email (cmcp_...)
  2. Add the key as an env var: export CURATEDMCP_KEY=cmcp_...
  3. Run npx @curatedmcp/auditor as usual — results sync automatically
  4. Get an immediate email if a new HIGH-risk server appears
  5. Every Monday: reminder email if you haven't scanned in 7+ days

Running MCP across a team?

CuratedMCP Enterprise gives you centralized config generation, a verified server catalog, and the audit trail your security team needs.
