---
name: mcp-tool-audit
description: Use when reviewing MCP server configs, agent tool schemas, Claude Desktop tool setup, Cursor/agent integrations, or AI automation tools for safety boundaries before production use.
---

# MCP Tool Audit

Use this skill to produce a quick, redacted safety review of MCP servers and agent tools before they are connected to real accounts or production data.

## Workflow

1. Collect the MCP config, tool schemas, and any tool descriptions.
2. Run the audit:
   ```bash
   npm test
   npm run demo
   ```
3. Classify findings into `high`, `medium`, and `low`.
4. Prioritize approval gates for destructive, financial, email, publishing, cloud-admin, and filesystem-wide tools.
5. Replace broad secrets with least-privilege credentials.
6. Deliver a redacted report and a short patch plan.

## What To Look For

- Shell commands using `bash`, `sh`, `python -c`, `node -e`, `curl | sh`, or similar patterns.
- Environment variables containing secrets in shared config files.
- Tools that can delete, publish, transfer funds, send messages, create users, or mutate cloud resources.
- Tool descriptions that embed instructions to ignore policies or hide behavior.
- Missing human approval for irreversible external actions.

## Guardrails

- Never paste raw API keys, cookies, private keys, or recovery codes into the report.
- Do not test live production systems without written authorization.
- Do not claim a formal security audit unless a formal scope and methodology were agreed.
- Prefer concrete patches and verification commands over vague warnings.