MCP server exposing Bawbel Scanner as agent-callable security tools
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Bawbel MCP Server
Security scanner for MCP servers and agentic AI components, exposed as MCP tools.
Bawbel MCP Server lets any MCP-compatible agent scan servers, check skill files, score conformance, manage justified suppressions, and query the AVE threat intelligence database mid-conversation.
Install
pip install bawbel-mcp
Or with all detection engines (YARA, Semgrep, LLM, Magika, Sandbox):
pip install "bawbel-mcp[all]"
Tools
| Tool | Description |
|---|---|
scan_content |
Scan raw text content for AVE vulnerabilities |
scan_server_card |
Fetch and scan an MCP server-card before connecting |
scan_creds |
Credential-focused scan (API keys, tokens, passwords, private keys) |
scan_chain |
Delegation chain scan (unsafe sub-agent spawning and inherited permissions) |
check_conformance |
Score a server manifest against the MCP spec (18 checks, A+ to F) |
accept_finding |
Insert a justified suppression with reason, reviewer, and optional expiry |
lookup_ave |
Get a full AVE record by ID with remediation guidance |
search_ave |
Search AVE records by keyword |
list_ave |
List all AVE records with optional severity/category filters |
check_pins |
Detect rug pull drift in a directory of skill files |
Resources
| Resource | Description |
|---|---|
ave://stats |
Current AVE database statistics |
ave://record/{ave_id} |
Full AVE record for a specific ID |
Usage
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
}
Claude Code
claude mcp add bawbel uvx bawbel-mcp
Cursor / Windsurf
Add to your MCP settings:
{
"bawbel": {
"command": "uvx",
"args": ["bawbel-mcp"]
}
}
Remote deployment (Streamable HTTP)
uvx bawbel-mcp --transport streamable-http --host 0.0.0.0 --port 8000
Example conversations
Scan a server before connecting:
"Before I add this MCP server to my config, scan it for security issues: https://api.some-mcp-server.com"
Claude calls scan_server_card("https://api.some-mcp-server.com") and reports
findings with AVE IDs, AIVSS severity scores, and remediation steps.
Check a skill file:
"Check this skill file content for prompt injection vulnerabilities"
Claude calls scan_content(content) and returns findings including any
toxic flow chains detected.
Check for hardcoded credentials:
"Does this skill file contain any hardcoded API keys or secrets?"
Claude calls scan_creds(content) and returns credential findings only.
Check for unsafe delegation:
"Does this skill spawn sub-agents without proper trust boundaries?"
Claude calls scan_chain(content) and returns delegation chain findings.
Accept a false positive:
"Mark AVE-2026-00001 on line 7 of travel.md as a false positive. Reason: internal registry endpoint, not attacker-controlled."
Claude calls accept_finding(...) and writes the justified suppression
comment directly into the file. The approval is tracked in version control.
Score a server against the spec:
"Does this server follow the MCP spec? https://api.some-mcp-server.com"
Claude calls check_conformance("https://api.some-mcp-server.com") and
returns a score, grade, and list of failed checks.
Look up a vulnerability:
"What is AVE-2026-00041 and how do I fix it?"
Claude calls lookup_ave("AVE-2026-00041") and returns the full record
with behavioral fingerprint, IOCs, and remediation steps.
Search for relevant vulnerabilities:
"What AVE records cover credential exfiltration?"
Claude calls search_ave("credential exfiltration") and returns matching
records with AIVSS scores and OWASP MCP categories.
Audit mode - see all findings including suppressed:
"Scan this file and show me everything, including suppressed findings."
Claude calls scan_content(content, no_ignore=True) and bypasses all
suppression layers.
Requirements
- Python 3.10+
bawbel-scanner>=1.2.2(installed automatically)fastmcp>=3.0.0(installed automatically)
The bawbel CLI must be available in PATH. Installing bawbel-mcp installs
bawbel-scanner which provides the bawbel CLI.
Related
- bawbel-scanner - CLI scanner
- bawbel/ave - AVE standard and records
- api.piranha.bawbel.io - Threat intel API
- bawbel.io/docs - Full documentation
Apache 2.0. Built by Bawbel.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bawbel_mcp-1.1.0.tar.gz.
File metadata
- Download URL: bawbel_mcp-1.1.0.tar.gz
- Upload date:
- Size: 16.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
886bec169bb32d79d6e09cdbe2714fb864adb8d00ea6e6ffb599a14de95f0786
|
|
| MD5 |
8ba48395ae6d89f1df6c9b75f2161822
|
|
| BLAKE2b-256 |
1410e5bba7278047e0271881ee4b905cb422f6808c914b2b351cfa39feee2430
|
Provenance
The following attestation bundles were made for bawbel_mcp-1.1.0.tar.gz:
Publisher:
publish.yml on bawbel/bawbel-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bawbel_mcp-1.1.0.tar.gz -
Subject digest:
886bec169bb32d79d6e09cdbe2714fb864adb8d00ea6e6ffb599a14de95f0786 - Sigstore transparency entry: 1615491456
- Sigstore integration time:
-
Permalink:
bawbel/bawbel-mcp@d0b2272b139fec5a8a58b6355bb78c06edd994e3 -
Branch / Tag:
refs/tags/v1.1.0 - Owner: https://github.com/bawbel
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d0b2272b139fec5a8a58b6355bb78c06edd994e3 -
Trigger Event:
release
-
Statement type:
File details
Details for the file bawbel_mcp-1.1.0-py3-none-any.whl.
File metadata
- Download URL: bawbel_mcp-1.1.0-py3-none-any.whl
- Upload date:
- Size: 15.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
59120673fb5413113f51d4741af6a45a25d3d6d4572cccf362a6bf1e6ea6b688
|
|
| MD5 |
230efc53f993528e3c47ffb8f62d2e20
|
|
| BLAKE2b-256 |
87e65cff5f0f2b08a01d5b8578746ce34b03a0030be7305871cc23814dee4739
|
Provenance
The following attestation bundles were made for bawbel_mcp-1.1.0-py3-none-any.whl:
Publisher:
publish.yml on bawbel/bawbel-mcp
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
bawbel_mcp-1.1.0-py3-none-any.whl -
Subject digest:
59120673fb5413113f51d4741af6a45a25d3d6d4572cccf362a6bf1e6ea6b688 - Sigstore transparency entry: 1615491486
- Sigstore integration time:
-
Permalink:
bawbel/bawbel-mcp@d0b2272b139fec5a8a58b6355bb78c06edd994e3 -
Branch / Tag:
refs/tags/v1.1.0 - Owner: https://github.com/bawbel
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d0b2272b139fec5a8a58b6355bb78c06edd994e3 -
Trigger Event:
release
-
Statement type:
