Security rules for mcplint.
Each rule implements the mcplint_core::Rule trait and detects a specific class of
security issue in MCP tool configurations:
| Rule | Module | What it detects |
|---|---|---|
| MG001 | mg001_unbounded_string | Unbounded string parameters flowing to dangerous sinks |
| MG002 | mg002_over_permissioning | Tool descriptions that understate actual capabilities |
| MG003 | mg003_escalation_chains | Cross-tool/cross-server escalation chains |
| MG004 | mg004_filesystem_scope | Filesystem access without path confinement |
| MG005 | mg005_weak_auth | Missing or weak authentication |
| MG006 | mg006_metadata_leakage | Internal metadata leakage in descriptions |
| MG007 | mg007_broad_scope | Overly broad tool parameter scopes |
| MG008 | mg008_transport_security | Insecure transport (HTTP/WS without TLS) |
| MG009 | mg009_env_leakage | Sensitive environment variables passed to servers |
Use default_registry() to get a mcplint_core::RuleRegistry with all rules registered.
Modules
- mg001_unbounded_string
- mg002_over_permissioning
- mg003_escalation_chains
- mg004_filesystem_scope
- mg005_weak_auth
- mg006_metadata_leakage
- mg007_broad_scope
- mg008_transport_security
- mg009_env_leakage
Functions
- default_registry - Create a registry populated with all rules.