New community tool: mcps-audit — OWASP MCP Top 10 + Agentic AI Top 10 scanner

[razashariff]

We built mcps-audit — a free CLI that scans code against OWASP MCP Top 10 + Agentic AI Top 10.

npx mcps-audit ./my-mcp-server

Generates a PDF report with compliance matrix, findings (file/line/snippet), MITRE ATT&CK mapping, and remediation.

• npm: https://www.npmjs.com/package/mcps-audit
• GitHub: https://github.com/razashariff/mcps-audit
• Sample report: https://agentsign.dev/sample-report.pdf

Static analysis only. MIT licensed. Built by Raza Sharif, CyberSecAI Ltd.

[securestep9]

@razashariff you cannot present a personal project in a personal repository as an “OWASP Security Scanner for MCP Servers” unless it is actually part of, or officially affiliated with, OWASP. “OWASP” is a trademark of The OWASP Foundation, and using it in a way that suggests endorsement or official status may create legal and trademark issues.

This issue also reads as an advertisement for a personal project rather than a project issue. Please avoid using the OWASP repository for self-promotion. The GitHub issue tracker is not the right place to advertise personal tools.

If you would like to engage with OWASP constructively, I suggest joining OWASP as a member and proposing your project through the proper channels as an OWASP Project. The proper channel for this is contacting the OWASP Projects Committee - you can find more information here: https://owasp.org/www-committee-project/#div-practice