Run any Skill in Manus with one click

mcp-security-auditor

Stars22

Forks3

UpdatedMay 15, 2026 at 04:37

On-demand audit of MCP usage. Reads .aura/security/mcp-audit.jsonl, surfaces blocked calls, rate-limit hits, suspicious input patterns. Companion to mcp-call-gate hook (which produces the audit log).

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

Run Skill in Manus

Source

nguyenthienthanh

nguyenthienthanh/aura-frog

View GitHub Repository View Creator Repositories

Download

Run Skill in Manus

Related occupationsSOC

Based on SOC occupation classification

Information Security AnalystsComputer and Mathematical Occupations·SOC 15-1212

SKILL.md

readonly

name	mcp-security-auditor
description	On-demand audit of MCP usage. Reads .aura/security/mcp-audit.jsonl, surfaces blocked calls, rate-limit hits, suspicious input patterns. Companion to mcp-call-gate hook (which produces the audit log).
when_to_use	/aura-frog:mcp audit, security review, post-incident forensics on MCP calls
allowed-tools	Read, Glob, Grep, Bash
effort	low
user-invocable	false

AI-consumed reference. Optimized for Claude to read during execution. Human-readable explanation: see docs/architecture/HIERARCHICAL_PLANNING.md or docs/getting-started/ depending on topic.

MCP Security Auditor

STATUS — v3.7.0-rc.1. Read-only auditor; does not enforce — that's mcp-call-gate.cjs's job.

Behavior

Read .aura/security/mcp-audit.jsonl (append-only; produced by hooks/mcp-call-gate.cjs)
Group entries by:
- Agent → MCP server → method
- Time bucket (last 1h / 24h / session)
- Status (success / blocked / rate-limited)
Project to TOON (via scripts/json-to-toon.cjs --schema generic or custom fields) — NEVER load raw JSONL into context
Surface findings categorized as:
- Blocked calls (BLOCKED:true) — deserve investigation
- Rate-limit warnings — soft (80%) or hard (100%) hits
- Suspicious patterns — destructive SQL detected, large output (>10KB), high frequency

What this skill does NOT do

Does NOT enforce — mcp-call-gate.cjs is the enforcement layer
Does NOT mutate the audit log (append-only by design)
Does NOT call MCPs itself (read-only on the audit file)
Does NOT proxy MCP calls — the gate hook intercepts at PreToolUse
Does NOT decide policy — rules/agent/mcp-security-policy.md is authoritative

Audit log schema (per spec §23.2)

{"ts":"2026-05-07T...","agent":"architect","mcp":"context7","method":"query","input":{"q":"React hooks"},"output_size_bytes":4521,"latency_ms":234,"success":true}
{"ts":"2026-05-07T...","agent":"backend","mcp":"postgres","method":"query","input":{"sql":"DROP TABLE users"},"BLOCKED":true,"reason":"destructive_op_blocked"}
{"ts":"2026-05-07T...","agent":"frontend","mcp":"figma","method":"download_image","input":{"url":"..."},"success":true,"rate_limit":"80%_warn"}

Sanitized input fields per scripts/security/sanitize-mcp-input.sh:

Authorization headers stripped
Tokens/secrets replaced with [REDACTED]
Content-Length > 1KB → truncated with ... [N more bytes]

Output (TOON)

mcp_audit_summary{window,total_calls,blocked,rate_limit_hits,top_agent,top_mcp}:
  24h,142,3,2,architect,context7

blocked[3]{ts,agent,mcp,reason}:
  2026-05-07T10:30,backend,postgres,destructive_op_blocked
  2026-05-07T11:45,frontend,figma,allowlist_violation
  2026-05-07T12:10,architect,redis,destructive_op_blocked

Retention (per spec §23.2)

AF_MCP_AUDIT_RETENTION_DAYS=30 (default) — older entries are pruned by a session-start sweep (NOT this skill).

Tie-Ins

Spec: §9.10, §23 (MCP security)
Hook: hooks/mcp-call-gate.cjs — sole writer of .aura/security/mcp-audit.jsonl
Script: scripts/security/sanitize-mcp-input.sh — sanitization run by the gate before logging
Rule: rules/agent/mcp-security-policy.md — authoritative policy
Rule: rules/agent/db-access-policy.md — DB-specific subset (architect/tdd-engineer only, read-only default, destructive ops blocked)
Command: /aura-frog:mcp audit — primary user-facing entry to this skill
Skill: Reuses scripts/json-to-toon.cjs to project the JSONL into context-friendly TOON

More from this repository

same repository

agent-detector

nguyenthienthanh/aura-frog

CRITICAL: MUST run for EVERY message. Detects agent, complexity, AND model automatically. Without this, tasks route to wrong agents and use wrong models, degrading quality and wasting tokens.

2026-06-1022

problem-solving

nguyenthienthanh/aura-frog

5 techniques for different problem types. Use when stuck or facing complex challenges.

2026-06-1022

sequential-thinking

nguyenthienthanh/aura-frog

Structured thinking process for complex analysis. Supports revision, branching, and dynamic adjustment.

2026-06-1022

angular-expert

nguyenthienthanh/aura-frog

Angular 17+ gotchas and decision criteria. Covers signals vs observables, standalone patterns, and common pitfalls Claude gets wrong.

2026-05-1522

api-designer

nguyenthienthanh/aura-frog

Designs RESTful APIs with endpoint naming, versioning strategies (URL path, header-based), pagination (offset and cursor), error response schemas, and OpenAPI conventions. Use when the user asks about REST API design, creating endpoints, URL structure, API versioning, status codes, Swagger, or OpenAPI specs.

2026-05-1522

bugfix-quick

nguyenthienthanh/aura-frog

Fast bug fixes with root cause investigation + TDD. Enforces 'no fix without root cause' discipline and verification protocol. Without this skill, fixes are applied at symptoms instead of sources, and bugs return.

2026-05-1522

name	mcp-security-auditor
description	On-demand audit of MCP usage. Reads .aura/security/mcp-audit.jsonl, surfaces blocked calls, rate-limit hits, suspicious input patterns. Companion to mcp-call-gate hook (which produces the audit log).
when_to_use	/aura-frog:mcp audit, security review, post-incident forensics on MCP calls
allowed-tools	Read, Glob, Grep, Bash
effort	low
user-invocable	false

AI-consumed reference. Optimized for Claude to read during execution. Human-readable explanation: see docs/architecture/HIERARCHICAL_PLANNING.md or docs/getting-started/ depending on topic.

MCP Security Auditor

STATUS — v3.7.0-rc.1. Read-only auditor; does not enforce — that's mcp-call-gate.cjs's job.

Behavior

Read .aura/security/mcp-audit.jsonl (append-only; produced by hooks/mcp-call-gate.cjs)
Group entries by:
- Agent → MCP server → method
- Time bucket (last 1h / 24h / session)
- Status (success / blocked / rate-limited)
Project to TOON (via scripts/json-to-toon.cjs --schema generic or custom fields) — NEVER load raw JSONL into context
Surface findings categorized as:
- Blocked calls (BLOCKED:true) — deserve investigation
- Rate-limit warnings — soft (80%) or hard (100%) hits
- Suspicious patterns — destructive SQL detected, large output (>10KB), high frequency

What this skill does NOT do

Does NOT enforce — mcp-call-gate.cjs is the enforcement layer
Does NOT mutate the audit log (append-only by design)
Does NOT call MCPs itself (read-only on the audit file)
Does NOT proxy MCP calls — the gate hook intercepts at PreToolUse
Does NOT decide policy — rules/agent/mcp-security-policy.md is authoritative

Audit log schema (per spec §23.2)

{"ts":"2026-05-07T...","agent":"architect","mcp":"context7","method":"query","input":{"q":"React hooks"},"output_size_bytes":4521,"latency_ms":234,"success":true}
{"ts":"2026-05-07T...","agent":"backend","mcp":"postgres","method":"query","input":{"sql":"DROP TABLE users"},"BLOCKED":true,"reason":"destructive_op_blocked"}
{"ts":"2026-05-07T...","agent":"frontend","mcp":"figma","method":"download_image","input":{"url":"..."},"success":true,"rate_limit":"80%_warn"}

Sanitized input fields per scripts/security/sanitize-mcp-input.sh:

Authorization headers stripped
Tokens/secrets replaced with [REDACTED]
Content-Length > 1KB → truncated with ... [N more bytes]

Output (TOON)

mcp_audit_summary{window,total_calls,blocked,rate_limit_hits,top_agent,top_mcp}:
  24h,142,3,2,architect,context7

blocked[3]{ts,agent,mcp,reason}:
  2026-05-07T10:30,backend,postgres,destructive_op_blocked
  2026-05-07T11:45,frontend,figma,allowlist_violation
  2026-05-07T12:10,architect,redis,destructive_op_blocked

Retention (per spec §23.2)

AF_MCP_AUDIT_RETENTION_DAYS=30 (default) — older entries are pruned by a session-start sweep (NOT this skill).

Tie-Ins

Spec: §9.10, §23 (MCP security)
Hook: hooks/mcp-call-gate.cjs — sole writer of .aura/security/mcp-audit.jsonl
Script: scripts/security/sanitize-mcp-input.sh — sanitization run by the gate before logging
Rule: rules/agent/mcp-security-policy.md — authoritative policy
Rule: rules/agent/db-access-policy.md — DB-specific subset (architect/tdd-engineer only, read-only default, destructive ops blocked)
Command: /aura-frog:mcp audit — primary user-facing entry to this skill
Skill: Reuses scripts/json-to-toon.cjs to project the JSONL into context-friendly TOON