mcplint-rules 0.1.0

Built-in security rules for mcplint
Owners: lalitb

Security rules for mcplint.

Each rule implements the [mcplint_core::Rule] trait and detects a specific class of security issue in MCP tool configurations:

| Rule | Module | What it detects |
|------|--------|-----------------|
| MG001 | [mg001_unbounded_string] | Unbounded string parameters flowing to dangerous sinks |
| MG002 | [mg002_over_permissioning] | Tool descriptions that understate actual capabilities |
| MG003 | [mg003_escalation_chains] | Cross-tool/cross-server escalation chains |
| MG004 | [mg004_filesystem_scope] | Filesystem access without path confinement |
| MG005 | [mg005_weak_auth] | Missing or weak authentication |
| MG006 | [mg006_metadata_leakage] | Internal metadata leakage in descriptions |
| MG007 | [mg007_broad_scope] | Overly broad tool parameter scopes |
| MG008 | [mg008_transport_security] | Insecure transport (HTTP/WS without TLS) |
| MG009 | [mg009_env_leakage] | Sensitive environment variables passed to servers |

Use [default_registry()] to get a [mcplint_core::RuleRegistry] with all rules registered.