원클릭으로
audit-mcp
Audit every configured MCP server — trust level, allowlist, last-update, risk flags
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Audit every configured MCP server — trust level, allowlist, last-update, risk flags
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Build human-readable release notes from a range of commits or merged PRs
Produce a weekly "What's new in Hermes" digest by summarizing merged PRs + active issues from NousResearch/hermes-agent
Sweep inbox (email + Slack + Telegram DMs) and produce a prioritized action list with suggested replies
Prepare a 1-page brief for an upcoming meeting by combining calendar context, recent threads with attendees, and relevant docs
Classify incoming messages from public channels as spam / prompt-injection-attempt / genuine; quarantine risky ones
Delegate a PR review to Claude Code with a scoped read-only GitHub PAT
| name | audit-mcp |
| description | Audit every configured MCP server — trust level, allowlist, last-update, risk flags |
| when_to_use | ["User asks to audit or review MCP configuration","Scheduled weekly security check","After installing a new MCP server",{"Before granting `allow_sampling":"true`"}] |
| toolsets | ["terminal","file"] |
Walk every server declared in ~/.hermes/config.yaml under mcp_servers: and produce a structured report with risk flags.
Read the config. Load ~/.hermes/config.yaml and extract the mcp_servers: block. If the block is empty or missing, report "No MCP servers configured" and exit.
For each server, collect:
stdio if command: present, http if url: present)trust: level (trusted / community / untrusted; default community if unset)allow_sampling: flag (default false)tools_allowlist: presence and lengthargs:), git URL, or HTTP originnpm view <pkg> time.modifiedgit -C <path> log -1 --format=%cIHEAD and grab Last-ModifiedRisk-flag each server:
trust: trusted AND reads untrusted content (web scraping, email parsing, public RSS). List any tool names matching /scrape|fetch|email|rss|crawl/i as evidence.allow_sampling: true AND trust is not trusted.tools_allowlist for a server with > 10 tools exposed.${VAR} in env: is not set in ~/.hermes/.env.enabled_for, making the server available in every profile.Render a table. Columns: name, transport, trust, sampling, tools-allowed / tools-exposed, last-update age, flags.
Summarize next steps. Group findings by flag color and recommend:
trust: to community or untrusted, disable sampling, add tools_allowlist."npm update <pkg> or rebuild the git source; verify release notes."tools_allowlist: with the specific tools you actually use."Offer to apply fixes. Ask the user if they'd like to:
trusted → communityallow_sampling on flagged serverstools_allowlist based on hermes logs usage historyNever auto-apply without confirmation.
Report as markdown. Paste into Telegram / Discord / dashboard as-is. Example:
## MCP Security Audit — 2026-04-17
### 🔴 HIGH (1)
- **random-scraper** — trusted + reads untrusted content (`scrape_url`, `fetch_rss`)
### 🟡 MEDIUM (2)
- **postgres** — last updated 127 days ago (package @modelcontextprotocol/server-postgres)
- **github** — no tools_allowlist, 34 tools exposed
### 🟢 LOW (1)
- **filesystem** — enabled_for empty, loads in every profile
### Recommendations
1. Change `random-scraper` to `trust: untrusted` and add tools_allowlist.
2. `npm update @modelcontextprotocol/server-postgres`.
3. Scope `github` to the 6 tools actually used in last 30d.
cron.yaml to run weekly (see Part 19).terminal to exec npm view / git log; uses file to read the config.