github.com

MCP-Audit/MCTS

MCP-Audit/MCTS is a security tool in RepoRadar's Agent Security section, holding Gold tier and a 'try now' verdict. Its strongest signal is workflow potential, scored 9.9 out of 10.

Score: 8.4
Popularity: 1.0
Risk: conditional
Tier: Gold

Score breakdown

Usefulness: 8.0
Novelty: 8.0
Momentum: 5.0
Maturity: 6.6
Open-source/build: 8.4
Evidence: 8.0
Workflow potential: 9.9
Setup ease: 6.4

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for MCP authors, platform teams, and security-minded builders who want something more concrete than checklist advice when reviewing tool permissions, prompt-injection paths, and package risk around agent integrations.

Who should use it

MCP server authors who want a security pass before publishing or deploying
Platform and security teams reviewing agent tool exposure across multiple repos
Developers who want SARIF or JSON output they can plug into existing review workflows
Builders comparing how serious different MCP projects are about auditability

Who should skip it

Pass on MCP-Audit/MCTS if its scope or audience does not match what your team is building right now.

About this signal

MCP-Audit/MCTS is tracked by RepoRadar as a security tool in the Agent Security section. It was first seen on 2026-06-28 and last updated on 2026-06-28. The current verdict is 'try now' with a Gold tier and moderate setup difficulty. The standout signals for MCP-Audit/MCTS are workflow potential (9.9) and open-source/build quality (8.4), while momentum (5.0) trails; that balance shapes where it fits best. This page summarizes the evidence RepoRadar has captured from source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips. They reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.

How this item is evaluated

RepoRadar assigned MCP-Audit/MCTS a composite score of 8.4 out of 10, placing it in the Gold tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 1.0 and never affects the composite score or tier. The risk label of 'conditional' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.

Putting this into practice? Read "How to vet an AI agent or MCP server before you wire it in" for the checklist behind this score.

Risk explanation

Live probing and fuzzing modes should stay on test servers or disposable sandboxes until you understand exactly which tools and integrations they exercise. The project is still labeled alpha, so teams should treat its scores as a strong audit signal rather than a substitute for manual review.

Tags: mcp, security, audit, developer-tools, apache-2.0, ci