Releases: jugaad-lab/clawguard
Release list
ClawGuard v1.1.0 - MCP Security Scanner
🔍 Major Feature: MCP Configuration Security Scanner
ClawGuard now includes comprehensive security scanning for Model Context Protocol (MCP) server configurations!
What's New
clawguard mcp-scan # Auto-discover and scan
clawguard mcp-scan --fix # Show remediation
clawguard mcp-scan --json # CI/CD output
clawguard mcp-scan --severity high # Filter by severityKey Features
✅ Auto-Discovery - Finds configs from Claude Desktop, Cursor, VS Code, Windsurf, Claude Code, Clawdbot
✅ 13+ Secret Patterns - OpenAI, Anthropic, GitHub, AWS, Slack, SendGrid, Google, JWT, and more
✅ Command Injection Detection - Catches unrestricted shell access, curl|bash, sudo, eval, rm -rf
✅ Prompt Injection - Detects malicious patterns in tool descriptions
✅ Transport Security - Flags unencrypted HTTP and 0.0.0.0 binding
✅ Threat Database Integration - Cross-references server URLs and packages against ClawGuard's threat intelligence
✅ CI/CD Ready - Exit codes (0=clean, 1=high, 2=critical) + JSON output
✅ CWE References - All findings mapped to Common Weakness Enumeration
✅ Security Scoring - 0-100 scale assessment
Example
$ clawguard mcp-scan
┌─────────────────────────────────────────────────┐
│ 🔍 ClawGuard MCP Security Scanner │
│ Powered by ClawGuard Threat Intelligence │
└─────────────────────────────────────────────────┘
📋 Scan Summary
Configs scanned: 2
Servers found: 3
⚠️ Findings (4 issues)
🔴 CRITICAL 1 █
🟠 HIGH 2 ██
🟡 MEDIUM 1 █
🛡️ Security Score: 15/100Why This Matters
MCP adoption is exploding (97M+ monthly SDK downloads). Every MCP server gets direct system access. ClawGuard helps you audit your configs before they become attack vectors.
Installation
# Via npm (when published)
npm install -g clawguard
# Or clone from jugaad-lab
git clone https://github.com/jugaad-lab/clawguard.git
cd clawguard && npm installFull Changelog
See CHANGELOG.md for complete version history.
Contributors: @chhotu2601 (feature implementation), @cheenu1092 (review & testing)
Stats: 706 lines added, 0 new dependencies, 9/9 tests passing