Skip to content

Add mcp-security-baseline skill#2212

Merged
aaronpowell merged 4 commits into
github:mainfrom
Swethakumar1:add-mcp-security-baseline-skill
Jul 9, 2026
Merged

Add mcp-security-baseline skill#2212
aaronpowell merged 4 commits into
github:mainfrom
Swethakumar1:add-mcp-security-baseline-skill

Conversation

@Swethakumar1

@Swethakumar1 Swethakumar1 commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Add skill: mcp-security-baseline

An Agent Skill that reviews MCP server and client source code against a security
baseline and produces a compliance report with file/line evidence.

Checks: 5 baseline controls (authentication & identity isolation, sessions, rate
limiting, input-schema validation, official-SDK usage), 7 RCE vectors (command injection,
dynamic code eval, unsafe deserialization, path traversal, SSTI, dependency hijacking,
SSRF), and the OWASP MCP Top 10. Six-step process; uses NEEDS INVESTIGATION when source
alone can't decide.

Distinct from the existing mcp-security-audit skill, which audits .mcp.json configuration — this reviews server/client source code.

Validation: npm run skill:validate ✅ and npm run build ✅ (adds one row to
docs/README.skills.md). Single self-contained SKILL.md (matches existing skills like
agent-owasp-compliance). Blind-tested against intentionally vulnerable MCP repos across
multiple models (100% recall on planted vulnerabilities, zero false negatives).

Copilot AI review requested due to automatic review settings July 4, 2026 00:04
@Swethakumar1 Swethakumar1 requested a review from aaronpowell as a code owner July 4, 2026 00:04
@github-actions github-actions Bot added new-submission PR adds at least one new contribution skills PR touches skills labels Jul 4, 2026
@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🔒 PR Risk Scan Results

Scanned 2 changed file(s).

Severity Count
🔴 High 0
🟠 Medium 2
ℹ️ Info 0
Severity Rule File Line Match
🟠 package-exec-command docs/README.skills.md 31 | [acreadiness-assess](../skills/acreadiness-assess/SKILL.md)<br />`gh skills install github/awesome-copilot acreadiness-assess` | Run the AgentRC readiness assessment on the curre
🟠 unpinned-version-indicator skills/mcp-security-baseline/SKILL.md 221 | Dependency hijacking | Unpinned deps such as `"lodash": "^4.0.0"`; internal package names resolvable from public registries | Pin exact versions, keep lock files with integrity h

This is an automated soft-gate report. Findings indicate review targets and do not block merge by themselves.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

🔍 Vally Lint Results

✅ All checks passed

Scope Checked
Skills 1
Agents 0
Total 1
Severity Count
❌ Errors 0
⚠️ Warnings 0
ℹ️ Advisories 0

Summary

Level Finding
ℹ️ npm warn EBADENGINE Unsupported engine {
ℹ️ npm warn EBADENGINE package: 'commander@15.0.0',
ℹ️ npm warn EBADENGINE required: { node: '>=22.12.0' },
ℹ️ npm warn EBADENGINE current: { node: 'v20.20.2', npm: '10.8.2' }
ℹ️ npm warn EBADENGINE }
ℹ️ npm warn deprecated prebuild-install@7.1.3: No longer maintained. Please contact the author of the relevant native addon; alternatives are available.
ℹ️ ✅ mcp-security-baseline (2/2 checks passed)
ℹ️ ✓ [spec-compliance] All 1 skill(s) are spec-compliant.
ℹ️ ✓ spec-compliance: All spec checks passed.
ℹ️ ✓ [valid-refs] All file references across 1 skill(s) are valid.
Full linter output
### Linting skills/mcp-security-baseline
npm warn EBADENGINE Unsupported engine {
npm warn EBADENGINE   package: 'commander@15.0.0',
npm warn EBADENGINE   required: { node: '>=22.12.0' },
npm warn EBADENGINE   current: { node: 'v20.20.2', npm: '10.8.2' }
npm warn EBADENGINE }
npm warn deprecated prebuild-install@7.1.3: No longer maintained. Please contact the author of the relevant native addon; alternatives are available.
✅ mcp-security-baseline (2/2 checks passed)
    ✓ [spec-compliance] All 1 skill(s) are spec-compliant.
        ✓ spec-compliance: All spec checks passed.
    ✓ [valid-refs] All file references across 1 skill(s) are valid.
        ✓ valid-refs: All file references resolve to existing files within the skill directory.

1 skill(s) linted, 1 passed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Agent Skill (mcp-security-baseline) to help reviewers assess MCP server/client source code against a defined security baseline and produce an evidence-backed compliance report, and updates the generated skills index to include it.

Changes:

  • Added mcp-security-baseline skill with a structured 6-step review process, baseline controls (MCP-01..05), RCE vector checks, and OWASP MCP Top 10 mapping.
  • Updated docs/README.skills.md to include the new skill entry.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
skills/mcp-security-baseline/SKILL.md New skill definition and detailed review checklist/reporting format for MCP implementation security reviews.
docs/README.skills.md Adds the new skill to the skills documentation index.

An Agent Skill that reviews MCP server and client source code against a security
baseline (5 controls, 7 RCE vectors, OWASP MCP Top 10) and produces a compliance
report with file/line evidence. Complements mcp-security-audit, which checks
.mcp.json configuration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@Swethakumar1 Swethakumar1 force-pushed the add-mcp-security-baseline-skill branch from 948e63d to e7ab12c Compare July 4, 2026 00:20

@aaronpowell aaronpowell left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very minor nitpicks on the skill

Comment thread skills/mcp-security-baseline/SKILL.md Outdated
Comment thread skills/mcp-security-baseline/SKILL.md Outdated
- Remove the top-level `keywords` field: it is not a recognized skill
  front-matter field and is ignored (skills are indexed for search by
  name + description only). The keyword terms are already present in the
  description, so discovery is unaffected.
- Link the MCP 2025-03-26 specification at the protocol-version check so
  the agent has it for quick reference.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 8, 2026 19:46

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

Comment thread skills/mcp-security-baseline/SKILL.md Outdated
Comment thread skills/mcp-security-baseline/SKILL.md
…rent MCP spec

- Change the unsafe-deserialization example from `yaml.load(..., Loader=yaml.FullLoader)`
  to `Loader=yaml.UnsafeLoader` to reflect genuinely unsafe usage.
- Add a link to the current MCP spec revision (2025-11-25) alongside the 2025-03-26
  baseline on the protocol-version check.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 8, 2026 20:06

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

Comment on lines +77 to +85
| Pattern | Transport |
|---|---|
| `transport="http"` or `transport="sse"` | HTTP/SSE |
| `StreamableHttpServerTransport` | HTTP (TS/JS) |
| `SSEServerTransport` | SSE (TS/JS) |
| `WithHttpTransport()` | HTTP (C#) |
| `host="0.0.0.0"` | All-interfaces binding |
| Express `.listen(port)` with MCP routes | HTTP (default `0.0.0.0`) |
| `EXPOSE` in Dockerfile + MCP server | Network-exposed |
Comment thread skills/mcp-security-baseline/SKILL.md
Comment on lines +32 to +37
### Step 3 — Check baseline controls
- For **network-exposed servers**, check **MCP-01** through **MCP-05**.
- For **local/STDIO servers**, do not mark baseline controls PASS/FAIL; give best-practice notes and continue to RCE review.
- For **clients**, only review token/session handling explicitly visible in client code; do not apply the server baseline unless the user asks for client-side risk review.

**Completion criterion:** Each applicable control has a supported status.
Copilot AI review requested due to automatic review settings July 9, 2026 00:48
@aaronpowell aaronpowell enabled auto-merge (squash) July 9, 2026 00:49
@aaronpowell aaronpowell merged commit 72fae20 into github:main Jul 9, 2026
9 checks passed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review details

  • Files reviewed: 2/2 changed files
  • Comments generated: 2
  • Review effort level: Low

Comment on lines +32 to +37
### Step 3 — Check baseline controls
- For **network-exposed servers**, check **MCP-01** through **MCP-05**.
- For **local/STDIO servers**, do not mark baseline controls PASS/FAIL; give best-practice notes and continue to RCE review.
- For **clients**, only review token/session handling explicitly visible in client code; do not apply the server baseline unless the user asks for client-side risk review.

**Completion criterion:** Each applicable control has a supported status.
## Process

### Step 1 — Classify the target
- Check **MCP protocol version [2025-03-26](https://modelcontextprotocol.io/specification/2025-03-26) or later** (current: [2025-11-25](https://modelcontextprotocol.io/specification/2025-11-25)). Flag older versions as a finding but continue the review.
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

🔍 Potential Duplicate Resources Detected

This PR adds a resource that may be similar to an existing one in the repository. Please review this potential overlap before merging to avoid redundancy.

Note: This PR was already merged — this check is advisory and informational only.

Possible Duplicates

Group 1: MCP security review skills

Resource Type Description
skills/mcp-security-baseline/ (this PR) Skill Review MCP server and client source code against a security baseline — authentication, sessions, rate limiting, input-schema validation, RCE vectors, and the OWASP MCP Top 10
skills/mcp-security-audit/ (existing) Skill Audit MCP server configurations (.mcp.json files) for security issues — hardcoded secrets, shell injection in args, unpinned dependencies, unapproved servers

Why flagged: Both skills share the mcp-security- name prefix and both focus on MCP security. A user looking for "MCP security" might not immediately know which skill applies to their use case.

Suggestion: The two skills cover genuinely different layers — configuration auditing vs. source code review — and the PR description explicitly acknowledges this distinction. Consider whether the skill's description and use-case examples make the difference from mcp-security-audit clear enough at a glance (e.g., triggering on "review my MCP server code" vs. "check my .mcp.json").


💡 This is an advisory check only. If these are intentionally different, no action is needed — feel free to proceed with your PR.

Generated by PR Duplicate Check for #2212 · 52 AIC · ⌖ 6.22 AIC · ⊞ 5.9K ·

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

new-submission PR adds at least one new contribution skills PR touches skills

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants