Bawbel Scanner

Name: Bawbel Scanner
Author: bawbel

bawbel/bawbel-mcp

Scan MCP servers and agent skill files for Agentic Vulnerability Enumeration (AVE) issues before you ship or publish tooling.

Overview

io.github.bawbel/bawbel-mcp is a MCP server for the Ship phase that scans MCP servers and skill files for AVE vulnerabilities with conformance scoring and threat intel.

What is this MCP server?

Bawbel Scanner MCP (PyPI bawbel-mcp v1.1.0, uvx runtime hint)
Scans MCP servers and skill files for AVE vulnerabilities
Conformance scoring plus threat intelligence integration
stdio transport for security workflows inside the agent
Server version 1.1.0
PyPI identifier bawbel-mcp with uvx runtime hint
Publisher categories include security, devsecops, scanner, vulnerability

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 1 GitHub stars.

What problem does it solve?

Community MCP servers and skills can carry agentic vulnerabilities you will not catch with ordinary app linting.

Who is it for?

Indie builders who install many MCP servers or distribute skills and want agent-driven security scans in the Ship hardening loop.

Skip if: Teams that only need traditional SAST on application code with no MCP or SKILL.md surface area.

What do I get? / Deliverables

You get AVE-focused scan results and conformance signals before trusting tooling in production agent configs.

AVE vulnerability findings for MCP and skill targets
Conformance scoring output for reviewed artifacts
Threat-intel-informed scan context via Bawbel tooling

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security scanning belongs in Ship when you harden agent integrations and skill packages prior to production or registry publication. Security subphase covers conformance checks and vulnerability detection on MCP and skill artifacts you depend on.

How it compares

AVE-focused MCP and skill scanner, not a general cloud posture or dependency-only SCA tool.

Common Questions / FAQ

Who is bawbel-mcp for?

Solo developers and small teams shipping Claude Code or Cursor workflows who need to vet MCP servers and skill files for agentic vulnerabilities.

When should I use bawbel-mcp?

Use it before adding unknown MCP packages to your config, before publishing skills, and after meaningful upgrades to agent tooling.

How do I add bawbel-mcp to my agent?

Run via uvx/PyPI identifier bawbel-mcp with stdio transport in your MCP client, following github.com/bawbel/bawbel-mcp setup for paths and scan targets.

Bawbel Scanner

bawbel/bawbel-mcp

Scan MCP servers and agent skill files for Agentic Vulnerability Enumeration (AVE) issues before you ship or publish tooling.

Overview

io.github.bawbel/bawbel-mcp is a MCP server for the Ship phase that scans MCP servers and skill files for AVE vulnerabilities with conformance scoring and threat intel.

What is this MCP server?

Bawbel Scanner MCP (PyPI bawbel-mcp v1.1.0, uvx runtime hint)
Scans MCP servers and skill files for AVE vulnerabilities
Conformance scoring plus threat intelligence integration
stdio transport for security workflows inside the agent
Server version 1.1.0
PyPI identifier bawbel-mcp with uvx runtime hint
Publisher categories include security, devsecops, scanner, vulnerability

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 1 GitHub stars.

What problem does it solve?

Community MCP servers and skills can carry agentic vulnerabilities you will not catch with ordinary app linting.

Who is it for?

Indie builders who install many MCP servers or distribute skills and want agent-driven security scans in the Ship hardening loop.

Skip if: Teams that only need traditional SAST on application code with no MCP or SKILL.md surface area.

What do I get? / Deliverables

You get AVE-focused scan results and conformance signals before trusting tooling in production agent configs.

AVE vulnerability findings for MCP and skill targets
Conformance scoring output for reviewed artifacts
Threat-intel-informed scan context via Bawbel tooling

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

AVE-focused MCP and skill scanner, not a general cloud posture or dependency-only SCA tool.

Common Questions / FAQ

Who is bawbel-mcp for?

Solo developers and small teams shipping Claude Code or Cursor workflows who need to vet MCP servers and skill files for agentic vulnerabilities.

When should I use bawbel-mcp?

Use it before adding unknown MCP packages to your config, before publishing skills, and after meaningful upgrades to agent tooling.

How do I add bawbel-mcp to my agent?

Run via uvx/PyPI identifier bawbel-mcp with stdio transport in your MCP client, following github.com/bawbel/bawbel-mcp setup for paths and scan targets.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is bawbel-mcp for?

When should I use bawbel-mcp?

How do I add bawbel-mcp to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is bawbel-mcp for?

When should I use bawbel-mcp?

How do I add bawbel-mcp to my agent?