Bawbel Scanner

Name: Bawbel Scanner
Author: bawbel

bawbel/bawbel-scanner

Run production-oriented security scans on MCP servers and skill files with OWASP MCP mapping and a 45-record AVE corpus.

Overview

io.github.bawbel/bawbel-scanner is a MCP server for the Ship phase that security-scans MCP servers and skill files for AVE issues with OWASP MCP mapping and 45 AVE records.

What is this MCP server?

Bawbel Scanner v1.1.1 (PyPI bawbel-scanner, Apache-2.0)
45 AVE records in publisher metadata with OWASP MCP mapping
Named --path argument for file or directory scan targets (default .)
Threat intel API endpoint https://api.piranha.bawbel.io per registry _meta
45 AVE records in publisher _meta
Server version 1.1.1
Apache-2.0 license

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Shipping agent workflows without scanning lets AVE-class flaws in MCP servers and skills reach users who grant broad tool access.

Who is it for?

Solo builders who want a documented 45-record AVE scanner with path-based targets before launch or registry publish.

Skip if: Products with no MCP or skill surface where only runtime app penetration testing is required.

What do I get? / Deliverables

You scan chosen paths for AVE vulnerabilities with OWASP-aligned MCP coverage before trusting tooling in production.

Directory or file-level AVE scan report
OWASP MCP mapped findings context
Threat-intel-backed signals via documented Bawbel API integration

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Pre-production scanning is canonical in Ship security before you expose agent tools to real users or credentials. Security subphase captures vulnerability detection, OWASP-aligned MCP checks, and gating risky servers before launch.

How it compares

Registry-documented AVE security scanner with path CLI, not a passive runtime WAF or generic npm audit.

Common Questions / FAQ

Who is bawbel-scanner for?

Indie builders and devsecops-minded solo founders vetting MCP servers and skill files before production or marketplace distribution.

When should I use bawbel-scanner?

Use it in your ship security checklist when adding MCP entries, publishing skills, or reviewing forks with --path aimed at the artifact tree.

How do I add bawbel-scanner to my agent?

Configure stdio MCP with PyPI identifier bawbel-scanner (uvx), pass --path to the file or directory to scan, per github.com/bawbel/bawbel-scanner.

Bawbel Scanner

bawbel/bawbel-scanner

Run production-oriented security scans on MCP servers and skill files with OWASP MCP mapping and a 45-record AVE corpus.

Overview

io.github.bawbel/bawbel-scanner is a MCP server for the Ship phase that security-scans MCP servers and skill files for AVE issues with OWASP MCP mapping and 45 AVE records.