io.github.github/awesome-copilot/mcp-security-audit · vmain
Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when: - Reviewing .mcp.json files for security risks - Checking MCP server args for hardcoded secrets or shell injection patterns - Validating that MCP servers use pinned versions (not @latest) - Detecting unpinned dependencies in MCP server configurations - Auditing which MCP servers a project registers and whether they're on an approved list - Checking for environment variable usage vs. hardcoded credentials in MCP configs - Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json" keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]
mcp-security-audit 是一个Agent Skill,收录自 SkillsMP。本页提供 Cursor、Claude Code 等客户端的安装配置片段。
Agent Skill 是带 SKILL.md 的指令包。安装后,AI 会根据 description 在匹配任务时自动加载,无需每次手动粘贴提示词。
选择你的平台查看安装方式
# 通用 CLI(Cursor / Claude Code / Codex 等均支持)
npx skills add github/awesome-copilot@mcp-security-audit安装完成后,在对话中直接描述你的任务(或提及技能名称)。Agent 会先读取 SKILL.md 的 description 判断是否启用,再按其中的步骤执行。可用 /skills(Claude Code)或在设置中查看已加载的 Skills。
vmain
io.github.millionco/react-doctor/react-doctor
Use when finishing a feature, fixing a bug, before committing React code, or when the user types `/doctor`, asks to scan, triage, or clean up React diagnostics. Covers lint, accessibility, bundle size, architecture. Includes a regression check and a full local-triage workflow that fetches the canonical playbook.
vmain
io.github.simstudioai/sim/emcn-design-review
Review UI code for alignment with the emcn design system — components, tokens, patterns, and conventions
vmain
io.github.mastra-ai/mastra/react-best-practices
React performance optimization guidelines from Mastra Engineering. This skill should be used when writing, reviewing, or refactoring React code to ensure optimal performance patterns. Triggers on tasks involving React components, data fetching, bundle optimization, or performance improvements.
vmain
io.github.sgl-project/sglang/cookbook-review-pr
Review a pull request against the SGLang Cookbook (docs_new/, Mintlify) contribution checklist — the config-driven format (per-model config + benchmarks JSX consumed by the shared _deployment.jsx / _playground.jsx engines). Run with /cookbook-review-pr <PR number>.
vmain
io.github.first-fluke/oh-my-agent/oma-mobile
Mobile specialist for Flutter, React Native, and Swift native iOS development. Use for mobile app, Flutter, Dart, React Native, Swift, SwiftUI, iOS, Android, Riverpod, swift-openapi-generator, and widget work.
vmain
io.github.first-fluke/oh-my-agent/oma-backend
Backend specialist for APIs, databases, authentication with clean architecture (Repository/Service/Router pattern). Use for API, endpoint, REST, database, server, migration, and auth work.
{
"id": "io.github.github/awesome-copilot/mcp-security-audit",
"type": "skill",
"version": "main",
"displayName": "mcp-security-audit",
"description": "Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when:\n- Reviewing .mcp.json files for security risks\n- Checking MCP server args for hardcoded secrets or shell injection patterns\n- Validating that MCP servers use pinned versions (not @latest)\n- Detecting unpinned dependencies in MCP server configurations\n- Auditing which MCP servers a project registers and whether they're on an approved list\n- Checking for environment variable usage vs. hardcoded credentials in MCP configs\n- Any request like \"is my MCP config secure?\", \"audit my MCP servers\", or \"check .mcp.json\"\nkeywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance]",
"author": {
"name": "github",
"url": "https://github.com/github"
},
"repository": {
"url": "https://github.com/github/awesome-copilot",
"source": "github",
"subfolder": "skills/mcp-security-audit"
},
"homepage": "https://skillsmp.com/skills/github-awesome-copilot-skills-mcp-security-audit-skill-md",
"distribution": {
"packages": [
{
"registryType": "source",
"identifier": "github/awesome-copilot@mcp-security-audit",
"version": "main",
"runtimeHint": "npx skills add"
}
],
"remotes": []
},
"dependencies": [],
"installTargets": [
"claude-code",
"claude-desktop",
"cursor",
"codex",
"vscode"
],
"keywords": [
"stars:34735"
],
"provenance": {
"origin": "skillsmp",
"originalId": "github-awesome-copilot-skills-mcp-security-audit-skill-md",
"originalUrl": "https://skillsmp.com/skills/github-awesome-copilot-skills-mcp-security-audit-skill-md",
"isOfficial": false,
"status": "active"
}
}