Summary
30 Semgrep rules for detecting security vulnerabilities in MCP (Model Context Protocol) server implementations. Covers JavaScript, TypeScript, and Python.
Rules
| Category | Count | What it catches |
| --- | --- | --- |
| Missing authentication | 3 | MCP endpoints without auth middleware |
| No input validation | 3 | Missing inputSchema, unvalidated tool arguments |
| Hardcoded secrets | 3 | API keys/tokens embedded in MCP configs |
| Binding to 0.0.0.0 | 2 | Servers exposed on all interfaces |
| Missing TLS | 4 | Plaintext HTTP/WS, disabled cert verification |
| Command injection | 4 | exec/execSync, os.system, subprocess with shell=True |
| No rate limiting | 2 | Servers without rate limit middleware |
| Unsafe eval/exec | 4 | eval(), exec(), new Function() in handlers |
| Bonus (path traversal, SQLi, CORS, data leak, verbose errors) | 5 | Additional common MCP vulnerabilities |
All rules include CWE codes, OWASP 2021 Top 10 references, and links to the OWASP MCP Security Cheat Sheet.
Why This Matters
- MCP has 97M monthly SDK downloads
- 30 CVEs filed in 60 days (early 2026)
- 492 servers exposed with zero auth (Trend Micro)
- No existing Semgrep rules for MCP security
References
Source
Rules file: https://github.com/razashariff/agentpass-pentest/blob/main/semgrep-mcp-rules.yaml
Happy to submit a PR following your contribution guidelines.
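
For readers unfamiliar with the rule format, here is an added example of what a rule in the "Command injection" category could look like for Python. It is not taken from the linked rules file or written by the issue author; the rule id, the `@$SERVER.tool(...)` decorator form (assumed to match the Python MCP SDK's tool registration) and the reference placeholder are assumptions.

```yaml
rules:
  - id: example-mcp-tool-shell-command   # hypothetical rule id
    languages: [python]
    severity: ERROR
    message: >-
      MCP tool handler runs an OS command through a shell. Pass an argument
      list with shell=False and validate tool arguments before use.
    metadata:
      cwe: "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
      owasp: "A03:2021 - Injection"
      references:
        - "<link to OWASP MCP Security Cheat Sheet>"   # placeholder, URL not given on this page
    patterns:
      # Scope: only code inside functions registered as MCP tools
      # (assumed decorator form; sync and async handlers listed separately).
      - pattern-either:
          - pattern-inside: |
              @$SERVER.tool(...)
              def $HANDLER(...):
                  ...
          - pattern-inside: |
              @$SERVER.tool(...)
              async def $HANDLER(...):
                  ...
      # Sinks named in the table row: os.system and subprocess with shell=True.
      - pattern-either:
          - pattern: subprocess.$FUNC(..., shell=True, ...)
          - pattern: os.system(...)
      # A constant command string carries no caller-controlled data, so skip it.
      - pattern-not: subprocess.$FUNC("...", shell=True, ...)
      - pattern-not: os.system("...")
```

Saved to a file, it can be run with `semgrep --config <file> <path-to-server-code>`.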