Open Source

Free auditing tools for AI builders.

Standalone binaries. No telemetry. CI-friendly.

The same static checks our commercial AI Security Posture Management platform runs against production AI applications, released as single-binary command-line tools under the Apache-2.0 license. Run them in CI, in development, or against a vendor before procurement.

pnx-mcp-audit

Security auditor for Model Context Protocol (MCP) servers.

  • Language: Go
  • License: Apache-2.0
  • Latest: v0.1.0
  • Rules: 13 static checks

More on the way

Prompt-injection probes, RAG corpus canaries, and a hosted MCP safety checker are next in the queue.

Subscribe to the project's releases on GitHub to be notified when the next tool ships.

Why we open-source

Static checks should not be a commercial moat.

Audit before procurement

An MCP server, a prompt template, or a vendor-supplied agent should be reviewable before it reaches production. The free tools cover the static part of that review, with the same rules a paid scanner would apply.

CI-ready by default

Every tool exits with severity-tiered status codes so a GitHub Action, a GitLab job, or a Jenkins step can gate a merge on findings without bespoke parsing.

No telemetry, no SaaS lock-in

The binaries run fully offline. Source code stays on the machine where the tool runs. We never see the artefacts you scan.

What stays commercial

The continuous multi-judge consensus pipeline, the runtime gateway agent, the six-framework compliance evidence collection, and the cross-framework deduplication ship in the Penaxtra platform.

Run the full AI Security Posture Management platform.

Continuous adversarial scans, multi-judge consensus, runtime gateway, and six-framework compliance evidence in one platform.
