Project Templates | Source: Show HN | Views: 6
Show HN: Mcpsec - A multi-agent SEC gate for MCP toolchains (scan → harden → rescan)
By Yuvraj_exe2026
February 20
**Show HN: Mcpsec - A multi-agent SEC gate for MCP toolchains (scan → harden → rescan)**
Hi HN, I built MCPSEC, a security gatekeeper for MCP (Model Context Protocol) toolchains.

It scans MCP configs, correlates vulnerability intel (OSV / GHSA / NVD), simulates tool abuse with an LLM-based probe agent, generates a policy + patch plan, applies hardening, then re-scans and gates CI on the final risk score.

The design is intentionally agentic:
- Inventory agent: parses MCP configs
- Intel agent: pulls vuln data (OSV / GHSA / NVD)
- Probe agent (LLM, optional): generates adversarial tool abuse prompts
- Policy agent (LLM, optional): turns findings into concrete config changes
- Orchestrator: merges results, scores risk, writes reports, applies patches

You can run it locally as a CLI or drop it into CI as a GitHub Action:
- It produces before/apply/after reports as artifacts
- It can fail PRs if the final risk score stays above a threshold
- Without an LLM token it works as a deterministic scanner; with one it becomes a true "security copilot"

Repo: https://github.com/yuvrajgitwork/MCP-toolchain-security-GK

Demo workflow: scan → apply → rescan → lower score

I built this because MCP toolchains are becoming powerful and over-privileged very quickly, and there's basically no security gate for them yet.

Would love feedback from folks working in AI infra / security.

Comments URL: https://news.ycombinator.com/item?id=47079889
Points: 1 | Comments: 0
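The scan → harden → rescan → gate loop the post describes, reduced to a small deterministic illustration. This is an added example, not MCPSEC's code: the sample config, the three rules and their weights, the automatic fixes (`./workspace`, `${VAR}` references) and the threshold of 25 are all assumptions made for the example.

```python
import copy
# Constructed sample in the common {"mcpServers": {...}} client-config layout;
# the servers, path and credential below are made up for this illustration.
SAMPLE_CONFIG = {"mcpServers": {
    "fs": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
    "db": {"command": "python", "args": ["db_server.py"],
           "env": {"DATABASE_URL": "postgres://app:s3cr3t@db.internal/prod"}},
}}

def pinned(pkg):
    """True for 'name@1.2.3' or '@scope/name@1.2.3', False when no version is given."""
    return pkg.count("@") > (1 if pkg.startswith("@") else 0)

def scan(cfg):
    """Deterministic checks -> [(server, rule, weight)]; rules and weights are
    assumptions for this example, not MCPSEC's rule set."""
    findings = []
    for name, srv in cfg.get("mcpServers", {}).items():
        args = srv.get("args", [])
        if "/" in args:  # filesystem server rooted at the whole host
            findings.append((name, "fs-root-is-slash", 40))
        if srv.get("command") == "npx" and "-y" in args:
            pkgs = [a for a in args if not a.startswith("-") and a != "/"]
            if pkgs and not pinned(pkgs[0]):  # auto-installs whatever is latest
                findings.append((name, "unpinned-npx-package", 20))
        for key, val in srv.get("env", {}).items():
            if "://" in val and "@" in val:  # credential embedded in a URL
                findings.append((name, f"secret-in-env:{key}", 30))
    return findings

def risk_score(findings):
    return min(100, sum(w for _, _, w in findings))

def harden(cfg, findings):
    """Apply the automatic fixes this example knows; unpinned packages are left for a human."""
    out = copy.deepcopy(cfg)
    for name, rule, _ in findings:
        srv = out["mcpServers"][name]
        if rule == "fs-root-is-slash":  # assumed project dir stands in for "/"
            srv["args"] = ["./workspace" if a == "/" else a for a in srv["args"]]
        elif rule.startswith("secret-in-env:"):  # assumes the client expands ${VAR}
            key = rule.split(":", 1)[1]
            srv["env"][key] = "${" + key + "}"
    return out

def run(cfg, threshold=25):
    """scan -> harden -> rescan -> gate; returns (before, after, passed)."""
    before = scan(cfg)
    after = scan(harden(cfg, before))
    return risk_score(before), risk_score(after), risk_score(after) <= threshold
```

On the sample config the before score is 90, the automatic fixes bring it to 20 (the unpinned package is residual risk a reviewer must resolve), and the gate passes only because 20 is under the assumed threshold.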
---
**[devsupporter commentary]**
This article is the latest development news provided via Show HN. To learn more about the related tools or technology, see the original link.
