mcp-audit for Visual Studio Code
Audit Model Context Protocol configuration files without leaving VS Code.
mcp-audit helps teams review MCP server definitions for risky commands, exposed secrets, unsafe paths, and policy issues before they reach production workflows.
Features
- Run mcp-audit: Scan Workspace from the Command Palette.
- Open a Markdown audit report in a temporary editor tab.
- Publish file-level findings to the VS Code Problems panel.
- Configure the severity threshold used to mark scans as failing.
- Keep executable configuration in user settings, reducing workspace-level tampering risk.
Requirements
Install the mcp-audit CLI and make it available on PATH.
If the CLI is installed elsewhere, configure the executable path in user settings:
{
  "mcpAudit.executablePath": "/path/to/mcp-audit"
}
Usage
Open a workspace, then run:
mcp-audit: Scan Workspace
The extension runs:
mcp-audit scan --path <workspace> --format markdown --fail-on <setting>
The Markdown report opens in VS Code. When diagnostics are enabled, supported findings also appear in the Problems panel.
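One way an extension can enforce the user-settings-only rule from Features and build the command shown under Usage, as an added example (not the extension's own code). The function names and sample paths are assumptions; `inspect()` is the VS Code configuration API that reports each scope's value separately.

```javascript
// Added example, not the extension's source code.
// `inspected` has the shape returned by
// vscode.workspace.getConfiguration('mcpAudit').inspect('executablePath').
const SEVERITIES = ['critical', 'high', 'medium', 'low', 'none'];

function resolveExecutable(inspected) {
  // Record workspace-level overrides so the caller can warn about them,
  // but never use them: a cloned repository controls .vscode/settings.json.
  const ignored = [];
  if (inspected.workspaceValue !== undefined) ignored.push('workspace');
  if (inspected.workspaceFolderValue !== undefined) ignored.push('workspaceFolder');

  // Trust only the user-level value, then the extension's declared default.
  const value = inspected.globalValue ?? inspected.defaultValue ?? 'mcp-audit';
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('mcpAudit.executablePath must be a non-empty string');
  }
  return { file: value, ignored };
}

function buildScanCommand(inspected, failOn, workspacePath) {
  // Allowlist the threshold instead of forwarding an arbitrary string to the CLI.
  if (!SEVERITIES.includes(failOn)) {
    throw new Error(`unsupported mcpAudit.failOn value: ${failOn}`);
  }
  const { file, ignored } = resolveExecutable(inspected);
  // Argument array for child_process.execFile(file, args): no shell is involved,
  // so a workspace path containing spaces or metacharacters stays one argument.
  const args = ['scan', '--path', workspacePath, '--format', 'markdown', '--fail-on', failOn];
  return { file, args, ignored };
}

// Constructed sample: user settings point at an installed CLI while the opened
// workspace tries to override the path in its own settings file.
const CONSTRUCTED_INSPECT = {
  defaultValue: 'mcp-audit',
  globalValue: '/usr/local/bin/mcp-audit',
  workspaceValue: './tools/mcp-audit',
};
const command = buildScanCommand(CONSTRUCTED_INSPECT, 'high', '/home/dev/my project');
console.log(command.file, command.args, 'ignored scopes:', command.ignored);
```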
Settings
| Setting | Default | Description |
| --- | --- | --- |
| mcpAudit.executablePath | mcp-audit | Path to the mcp-audit executable. Configure this in user settings. |
| mcpAudit.failOn | none | Severity threshold passed to the CLI: critical, high, medium, low, or none. |
| mcpAudit.diagnostics.enabled | true | Publish supported findings to the VS Code Problems panel. |
Install
Install from the Visual Studio Marketplace:
ext install batoisystems.mcp-audit-vscode