MCP security

Code quality and security audit: what is solid, what still needs work

Summary of the June 9, 2026 audit: supply chain, SQL, credentials, MCP hardening, config destruction and API disclosure.

High1
Medium2
Low1
Scope9.2k LOC

Verdict

1 high, 2 medium, 1 low. The code is considered well hardened for such a young project, but several points still need fixes.

Strengths

The audit notes a client with no runtime dependencies, no install hooks, no dynamic code, no committed secrets, parameterized SQL and hardened credential handling.

The report also notes real prompt injection mitigation in the Hermes adapter, with an explicit fence around untrusted context.

The high finding

The most serious issue is silent configuration destruction if a JSON or YAML settings file is corrupt. A backup exists, but the user is not clearly alerted.

The expected fix is to fail fast or show an explicit warning before resetting an unreadable config.

Rerun the test

pip-audit && python scripts/run_mcp_security_suite.py

Evidence files