Files
Anthropic-Cybersecurity-Skills/skills/auditing-mcp-servers-for-tool-poisoning/references/api-reference.md
T
mukul975 8cae0648ec Add 55 new skills across 3 new domains + 6 undercovered areas (762 -> 817)
Demand-driven expansion targeting the fastest-growing 2025-2026 threat and
skills categories (ISC2/WEF/CrowdStrike/Mandiant signals):

- AI Security (NEW domain, 12 skills): LLM red-teaming with garak/PyRIT,
  prompt injection (direct/indirect/RAG), MCP tool-poisoning, agentic tool
  invocation, guardrails, model/data poisoning, system-prompt leakage,
  embedding/vector weaknesses, model extraction, continuous red-teaming
- Supply Chain Security (NEW domain, 5 skills): SBOMs, dependency confusion,
  malicious-npm triage, typosquatting, SLSA/Sigstore provenance
- Hardware & Firmware Security (NEW domain, 4 skills): CHIPSEC/UEFI audit,
  Secure Boot bypass, TPM measured-boot attestation, ESP bootkit hunting
- Identity (10): Entra ID/ROADtools, GraphRunner, AADInternals, ADCS/Certipy,
  shadow credentials, coercion, BloodHound CE, device-code phishing, SSO abuse
- Cloud-native (8): Stratus, Pacu, CloudFox, container escape, K8s RBAC,
  Falco, Trivy, kube-bench
- Offensive C2 (6): Sliver, Havoc, NetExec, DPAPI, NTLM relay ESC8, redirectors
- DFIR (6): Hayabusa, Chainsaw, KAPE, Velociraptor, EZ Tools, Plaso
- Backfill (4): OpenCTI, MISP, honeytokens, post-quantum crypto migration

Each skill follows the repo taxonomy (SKILL.md + references/{standards,api-reference}.md
+ scripts/agent.py + LICENSE), with researched real tool commands (no placeholders),
complete frontmatter, and ATT&CK/ATLAS + NIST CSF mappings. Updates README domain
table, skill count, and index.json.
2026-06-22 19:08:16 +02:00

60 lines
2.2 KiB
Markdown

# API Reference — MCP Server Auditing
## mcp-scan CLI (Invariant Labs)
Run via uvx (no global install): `uvx mcp-scan@latest`
| Command | Description |
|---------|-------------|
| `mcp-scan` / `mcp-scan scan [config]` | Statically scan MCP configs for poisoning, shadowing, rug pulls, toxic flows |
| `mcp-scan inspect [config]` | Print tool/prompt/resource descriptions without verification |
| `mcp-scan proxy` | Runtime proxy: monitor and guardrail MCP traffic (requires `[proxy]` extra) |
| `--json` | Emit machine-readable JSON report |
Examples:
```bash
uvx mcp-scan@latest ~/.vscode/mcp.json
uvx mcp-scan@latest inspect ~/.cursor/mcp.json
uvx --with "mcp-scan[proxy]" mcp-scan@latest proxy
```
mcp-scan features: tool pinning (hash-based rug-pull detection), cross-origin escalation checks, toxic-flow analysis.
## MCP Python SDK
Install: `pip install mcp`
| API | Description |
|-----|-------------|
| `StdioServerParameters(command, args)` | Define a stdio MCP server to launch |
| `stdio_client(params)` | Async context manager yielding (read, write) streams |
| `ClientSession(read, write)` | MCP client session |
| `session.initialize()` | Perform MCP handshake |
| `session.list_tools()` | Return advertised tools (`.tools[].name`, `.description`, `.inputSchema`) |
| `session.list_prompts()` | List advertised prompts |
| `session.list_resources()` | List advertised resources |
| `session.call_tool(name, args)` | Invoke a tool (use for SSRF probing on owned servers) |
## Common MCP config locations
| Client | Path |
|--------|------|
| Cursor | `~/.cursor/mcp.json` |
| VS Code | `~/.vscode/mcp.json` |
| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) |
## SSRF probe targets (owned systems only)
| Target | Purpose |
|--------|---------|
| `http://169.254.169.254/latest/meta-data/` | AWS instance metadata (IMDS) |
| `http://metadata.google.internal/` | GCP metadata |
| `http://127.0.0.1:<port>/` | Loopback services |
| `file:///etc/passwd` | Local file disclosure |
## External References
- mcp-scan README: https://github.com/invariantlabs-ai/mcp-scan/blob/main/README.md
- MCP spec: https://modelcontextprotocol.io/specification
- MCP Python SDK: https://github.com/modelcontextprotocol/python-sdk