APAI.runv0.1
Registry/MCP Audit

MCP Audit

MCP server inspection, permission review, and connector risk scoring.

Medium risk
MCP auditv0.1.0-preview·by apai-officialVerified publisher (apai-official)See permission delta ->

About

Inspects an MCP server endpoint, enumerates declared tools and their schemas, reviews permission scopes, looks for broad-or-unscoped tool definitions, flags credential requests, and emits a risk score and detailed finding report. Read-only: does not modify the MCP server.

Native install

For environments with file or shell access (Codex, Claude Code, Gemini CLI, Cursor, local CLI). v0.1: the apai CLI is a scaffold; real install behavior lands in Phase 1.

$ apai install mcp-audit
$ apai passport mcp-audit
$ apai audit mcp-audit
$ apai rollback mcp-audit

The apai CLI is a TypeScript scaffold at v0.1. See /honest-status for the full shipped vs stubbed list.

Prompt install

Hosted chat apps (ChatGPT, Claude, Gemini, Grok) cannot silently install software. Paste the snippet below into the chat to load the package protocol for the current conversation only.

Install card (paste into chat)

Paste this into any LLM that does not have shell access to your machine - chatgpt.com, claude.ai, gemini.google.com, grok.com - and the model will load the Capability Passport and apply the package protocol. If you are using Claude Code, Codex, Cursor, Gemini CLI, or another tool-enabled agent, use apai install instead - it produces a durable install receipt.

Install https://apai.run/packages/mcp-audit for this chat. Load the capability passport. Given an MCP server URL, return a structured permission and risk audit. Do not authenticate against the server; describe the endpoint contract only.

Install card source: https://apai.run/packages/mcp-audit/llms.txt

Capability Passport

APAI.passport.v0.1Capability Passport

Reads

  • ·Publicly readable MCP server tool listings

Writes

  • ·Package-store audit profile artifact at ~/.apai/packages/mcp-audit/0.1.0-preview/profiles/mcp-audit-profile.json
  • ·Local audit report file when the operator asks

Accesses

  • ·Network endpoints declared by the user
$

Spends

  • ·No spend

Exposes

  • ·Package-store artifact and install receipt are local
  • ·Aggregated risk-finding summary if shared via cloud sync

Approvals required

  • ·Approval required for authenticated audit (when added)

Rollback

Uninstall via apai rollback mcp-audit --install-id <id>. Removes only verified package-store files recorded in the receipt. Delete generated audit reports separately.

Scanner

heuristic-stub-v0- no findings on v0.1 heuristic scanner

heuristic-stub-v0 means the v0.1 deterministic heuristic scanner found nothing. It does NOT mean the package is certified safe. Model-assisted prompt-injection, OAuth-scope review, dependency scanning, and publisher-signature verification land later. See honest status.