CuratedMCP
Free forever — no account required

MCP Auditor

One command scans every MCP server on your machine and flags anything that looks risky. Works with Claude Desktop, Cursor, Claude Code, and Windsurf.

npx @curatedmcp/auditor
View on GitHub Get weekly alerts — $9/mo

Sample output

MCP Security Audit — 2026-04-06

Found 4 config files. 12 servers detected.

HIGH RISK (2)

filesystem-mcp — UNVERIFIED, FILE_SYSTEM_ACCESS

~/.cursor/mcp.json — npx filesystem-mcp --allow-write /Users

unknown-tool — CREDENTIAL_IN_ENV

~/Library/Application Support/Claude/claude_desktop_config.json

VERIFIED (8)

✓ stripe-mcp, github-mcp, notion-mcp ...

⚡ Auditor Pro — get weekly email alerts for new risks

https://curatedmcp.com/auditor#pro

What it checks

Credential leaks

Detects SECRET, TOKEN, API_KEY inside env blocks

Filesystem access

Flags --allow-write and broad path arguments

Unverified servers

Checks against the CuratedMCP verified catalog

Free

$0 forever

  • Runs entirely on your machine — no data sent anywhere
  • No install required — just npx
  • Exit code 1 on HIGH risk — works in CI
  • --json flag for scripting and automation
  • --offline flag for air-gapped environments
  • Open source — MIT license
npx @curatedmcp/auditor
PRO

Auditor Pro

$9 /month

  • Immediate email alert when a new HIGH-risk server appears
  • Full scan history — see how your risk profile changes over time
  • Weekly reminder email if you haven't scanned in 7+ days
  • Dashboard showing all past scans, diffs, and trends
  • Sync results with --key flag: npx @curatedmcp/auditor --key cmcp_...
Start Auditor Pro — $9/mo

Cancel anytime · Billed via Stripe

Supported clients

How Auditor Pro works

  1. 1Buy Auditor Pro — you'll receive a license key by email (cmcp_...)
  2. 2Add the key as an env var: export CURATEDMCP_KEY=cmcp_...
  3. 3Run npx @curatedmcp/auditor as usual — results sync automatically
  4. 4Get an immediate email if a new HIGH-risk server appears
  5. 5Every Monday: reminder email if you haven't scanned in 7+ days

Running MCP across a team?

CuratedMCP Enterprise gives you centralized config generation, a verified server catalog, and the audit trail your security team needs.

Learn about Enterprise