silvermete0r/local_mcp_pypi_packages_audit

Gradio-based MCP server for auditing local Python packages using Bandit and AST-based static analysis. Generates interactive HTML security reports with severity charts.

๐Ÿ›ก๏ธ Local PyPI MCP Audit

Gradio MCP Hackathon 2025 - 8-10 June, 2025 - mcp-server-track

✨ Features

  • 🔍 Bandit security scans
  • 🧠 AST-based code risk analysis
  • 📊 HTML reports with charts
  • 🧩 MCP endpoint for LLM integration
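
To show what the AST-based code risk analysis feature above means in practice, here is an added example (not this project's code) that flags risky calls by parsing source without importing or running it. The rule table, severity labels and the function names `dotted_name`, `audit_source` and `severity_counts` are assumptions made for illustration.

```python
import ast
from collections import Counter

# Hypothetical rule table (an assumption, not the project's rules).
RISKY_CALLS = {
    "eval": ("HIGH", "evaluates a string as code"),
    "pickle.loads": ("MEDIUM", "deserializes arbitrary objects"),
    "os.system": ("MEDIUM", "runs a command through the shell"),
}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def audit_source(source):
    """Parse only (nothing is imported or executed); return (line, severity, issue) tuples."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "LOW", "file could not be parsed")]
    findings = []
    for node in filter(lambda n: isinstance(n, ast.Call), ast.walk(tree)):
        name = dotted_name(node.func)
        if name in RISKY_CALLS:
            severity, reason = RISKY_CALLS[name]
            findings.append((node.lineno, severity, f"{name}: {reason}"))
        # Any subprocess.* call that is passed a literal shell=True keyword.
        shell = any(k.arg == "shell" and getattr(k.value, "value", 0) is True for k in node.keywords)
        if name and name.startswith("subprocess.") and shell:
            findings.append((node.lineno, "HIGH", f"{name}: shell=True"))
    return sorted(findings)

def severity_counts(findings):
    """Totals per severity, the kind of data a severity chart is drawn from."""
    return dict(Counter(severity for _, severity, _ in findings))

# Constructed sample input, embedded so the example runs offline.
SAMPLE = """import os, pickle, subprocess
data = pickle.loads(blob)
subprocess.run(cmd, shell=True)
os.system(cmd)
result = eval(cmd)
"""
```

Matching on the written call name, as this example does, misses aliased imports such as `from os import system`, so its findings are a lower bound rather than a complete list.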

🚀 How to Use

Recommended: Run in your local environment to test Python packages installed on your system for possible vulnerabilities.

  1. Run the Server:

    python app.py

  2. Access the Web Interface:

    Open your browser and go to http://localhost:7860.

  3. User Instructions:

    • Enter package names (comma-separated), or leave blank to scan all installed packages.
    • Click Run Audit.
    • Download the HTML report.

🔗 MCP Endpoint

Use this in your MCP Client: mcp-local-run

{
  "mcpServers": {
    "gradio": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "http://localhost:7860/gradio_api/mcp/sse"
      ]
    }
  }
}

Languages

Python 100.0%

Created June 12, 2025
Updated December 16, 2025