- Home
- MCP servers
- MCP Web Audit
MCP Web Audit
- javascript
5
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"shen-zhihao-mcp-web-audit": {
"command": "node",
"args": [
"src/mcpServer.js"
]
}
}
}You run an MCP server that performs automated front-end project security audits. It analyzes both local projects and remote repositories, produces Markdown audit reports, and can be used directly through an MCP client or via a local runtime. This server-based approach helps you consistently audit dependencies, identify vulnerabilities, and receive actionable fix recommendations.
How to use
You can audit local projects or remote repositories by connecting an MCP client to the server. Start the MCP server locally, then invoke the audit function from your client to generate a structured report. The server handles parsing the project, analyzing direct and indirect dependencies, running a security scan, and rendering a Markdown report that includes a project overview, a vulnerability summary, and a detailed list of each issue with fixes.
Typical workflow steps after you have the server running:
-
- Start the MCP server locally
-
- From your MCP client, request an audit for a local project or a remote repository
-
- Receive a structured audit result and save the Markdown report to a file
-
- Review the vulnerability details, severity, affected packages, and recommended fixes
Because the server performs automated analysis, you can integrate it into CI pipelines to continuously audit dependencies and fail builds when critical issues are detected. The server supports producing a standalone Markdown report that you can store, share, or attach to issue trackers.
How to install
Prerequisites you need before installation:
- Network access for remote audits
- At least 100 MB free disk space for temporary files and reports
Install and run the MCP server locally using the following commands.
# Clone the repository
git clone https://github.com/shenzhihao/mcp-web-audit.git
cd mcp-web-audit
# Install dependencies
npm install
# Start the MCP server (stdio configuration)
node src/mcpServer.js
When the server is running, you can connect your MCP client to perform audits and generate reports. If you prefer not to build locally, you can run the provided runtime commands that target the local server entry point.
Configuration and notes
The server exposes a standard MCP runtime that you start with a Node.js command. No additional configuration is required for basic usage, but you can customize how audits are triggered and where reports are saved from your client. Ensure your client uses the server’s audit endpoint to request an audit for either a local project path or a remote repository URL. The server will process the request, scan dependencies, and render a Markdown report that includes a project overview, vulnerability counts by severity, and a detailed list of issues with fixes.
Troubleshooting
If audits fail or reports fail to generate, verify that Node.js is properly installed, the working directory contains the project you intend to audit, and network access is available for remote repository audits. Check that the server is running and listening on the expected entry point, and consult your MCP client for any error messages related to the audit request or report saving path.
Available tools
auditPackage
Audits a specified project or repository and generates a report, handling both local paths and remote URLs.
parseLocalProject
Parses a local project to extract dependencies and project metadata for auditing.
parseRemoteProject
Parses a remote repository URL to prepare it for auditing.
npmAudit
Performs a security scan on npm dependencies as part of the audit process.
renderMarkdown
Renders the audit results into a Markdown report with a project overview, vulnerability summary, and detailed findings.
generateLock
Generates a lock file for dependency versions as part of the preparation step.
getDepChain
Analyzes the complete dependency chain including indirect dependencies.
currentAudit
Represents the current audit session and orchestrates the auditing flow.
remoteAudit
Coordinates auditing tasks that involve remote repositories.
mcpServer
The MCP server entry point that exposes the audit service to MCP clients.