Files
Anthropic-Cybersecurity-Skills/skills/auditing-mcp-servers-for-tool-poisoning/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

2.2 KiB

API Reference — MCP Server Auditing

mcp-scan CLI (Invariant Labs)

Run via uvx (no global install): uvx mcp-scan@latest

Command Description
mcp-scan / mcp-scan scan [config] Statically scan MCP configs for poisoning, shadowing, rug pulls, toxic flows
mcp-scan inspect [config] Print tool/prompt/resource descriptions without verification
mcp-scan proxy Runtime proxy: monitor and guardrail MCP traffic (requires [proxy] extra)
--json Emit machine-readable JSON report

Examples:

uvx mcp-scan@latest ~/.vscode/mcp.json
uvx mcp-scan@latest inspect ~/.cursor/mcp.json
uvx --with "mcp-scan[proxy]" mcp-scan@latest proxy

mcp-scan features: tool pinning (hash-based rug-pull detection), cross-origin escalation checks, toxic-flow analysis.

MCP Python SDK

Install: pip install mcp

API Description
StdioServerParameters(command, args) Define a stdio MCP server to launch
stdio_client(params) Async context manager yielding (read, write) streams
ClientSession(read, write) MCP client session
session.initialize() Perform MCP handshake
session.list_tools() Return advertised tools (.tools[].name, .description, .inputSchema)
session.list_prompts() List advertised prompts
session.list_resources() List advertised resources
session.call_tool(name, args) Invoke a tool (use for SSRF probing on owned servers)

Common MCP config locations

Client Path
Cursor ~/.cursor/mcp.json
VS Code ~/.vscode/mcp.json
Claude Desktop ~/Library/Application Support/Claude/claude_desktop_config.json (macOS)

SSRF probe targets (owned systems only)

Target Purpose
http://169.254.169.254/latest/meta-data/ AWS instance metadata (IMDS)
http://metadata.google.internal/ GCP metadata
http://127.0.0.1:<port>/ Loopback services
file:///etc/passwd Local file disclosure

External References