MCP OAuth Auditor

Strategy · Advanced

Identifies auth discovery gaps, overscoped permissions, and protected-resource metadata issues.

Trigger: /mcp-auth-audit
Frequency: per deployment

Security Engineer? Run /mcp-auth-audit before deploying MCP servers to production

MCP Server Author? Validate OAuth configuration matches the 2025-11 spec update

Tags: OAuth 2.1 · OIDC · MCP Security · Audit

How It Works

1. /mcp-auth-audit [server-config] run
2. Phase 1: 4 audit checks
   • oidc-discovery: Validate .well-known/openid-configuration
   • scope-analysis: Check for overscoped permissions
   • consent-flow: Verify incremental consent support
   • resource-meta: Audit protected resource metadata
3. Generate security risk assessment
4. Auth audit report with risk scores + fix recommendations

Skill Code

```markdown
# MCP OAuth Auditor Skill

## Trigger: /mcp-auth-audit [server-config-path]

When invoked:

1. Read MCP server auth configuration:
   - OAuth 2.1 authorization server metadata
   - OIDC Discovery endpoint (.well-known/openid-configuration)
   - Protected Resource Metadata (RFC 9728)
   - Scope definitions and consent flow

2. Audit against MCP spec (2025-11-25):

### OIDC Discovery Check

| Requirement | Status |
|-------------|--------|
| Discovery endpoint reachable | OK/FAIL |
| issuer matches server URL | OK/FAIL |
| authorization_endpoint present | OK/FAIL |
| token_endpoint present | OK/FAIL |
| response_types_supported | OK/WARN |

### Scope Analysis

- List all declared scopes
- Flag overly broad scopes (e.g., "admin" without sub-scopes)
- Check: does each tool declare required scopes?
- Recommend minimum-privilege scope sets

### Incremental Consent

- Does server support incremental scope requests?
- Are scope upgrade prompts user-friendly?
- Is consent revocation properly handled?

### Protected Resource Metadata

- RFC 9728 compliance check
- resource_documentation_uri present?
- authorization_servers[] properly linked?

3. Output: Risk score (Low/Medium/High/Critical) per category + specific remediation steps for each finding
```

Copy and paste into your CLAUDE.md to start using immediately.
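As an added example (not the skill's own code, which is a prompt rather than a program), the following Python turns the OIDC Discovery table, the scope-analysis step and the RFC 9728 checks above into runnable checks over constructed metadata documents. The sample URLs, the list of broad scope names and the Low/Medium/High/Critical thresholds are assumptions; the metadata field names follow OpenID Connect Discovery 1.0 and RFC 9728.

```python
from urllib.parse import urlparse

SAMPLE_OIDC = {  # constructed; as served at <issuer>/.well-known/openid-configuration
    "issuer": "https://auth.example.com",
    "authorization_endpoint": "https://auth.example.com/authorize",
    "response_types_supported": ["code", "token"],  # token_endpoint deliberately missing
}
SAMPLE_RESOURCE_META = {  # constructed; as served at /.well-known/oauth-protected-resource (RFC 9728)
    "resource": "https://mcp.example.com",
    "authorization_servers": ["https://auth.example.com", "http://legacy.example.com"],
    "scopes_supported": ["tools:read", "tools:write", "admin"],
}
BROAD_SCOPE_NAMES = {"admin", "*", "all", "full_access"}  # assumed heuristic, not from any spec

def _is_https(url):
    p = urlparse(url if isinstance(url, str) else "")
    return p.scheme == "https" and bool(p.netloc)

def audit_oidc_discovery(doc, fetched_from):
    """OIDC Discovery table: issuer equals the base URL the document came from, endpoints are https."""
    r = {"issuer_matches_server": "OK" if doc.get("issuer", "").rstrip("/") == fetched_from.rstrip("/") else "FAIL"}
    for field in ("authorization_endpoint", "token_endpoint"):
        r[field + "_present"] = "OK" if _is_https(doc.get(field)) else "FAIL"
    # OAuth 2.1 keeps only the authorization code grant, so anything beyond "code" is a WARN.
    rts = doc.get("response_types_supported", [])
    r["response_types_supported"] = "OK" if rts == ["code"] else "WARN"
    return r

def audit_resource_metadata(meta, oidc_doc):
    """RFC 9728 table: https resource identifier; every listed authorization server links to the issuer."""
    servers = meta.get("authorization_servers", [])
    issuer = oidc_doc.get("issuer", "").rstrip("/")
    linked = [s for s in servers if _is_https(s) and s.rstrip("/") == issuer]
    return {
        "resource_present": "OK" if _is_https(meta.get("resource")) else "FAIL",
        "authorization_servers_linked": "OK" if servers and len(linked) == len(servers) else ("WARN" if linked else "FAIL"),
        "resource_documentation": "OK" if _is_https(meta.get("resource_documentation")) else "WARN",
    }

def flag_broad_scopes(scopes):
    """Scope analysis: catch-all names and wildcard scopes that should be split into sub-scopes."""
    return sorted(s for s in scopes if s in BROAD_SCOPE_NAMES or s.endswith("*"))

def risk_level(results):
    """Map one check table to the skill's Low/Medium/High/Critical scale (assumed thresholds)."""
    fails = sum(v == "FAIL" for v in results.values())
    if fails:
        return "Critical" if fails >= 2 else "High"
    return "Medium" if "WARN" in results.values() else "Low"
```

With the constructed samples, the discovery table rates High (missing token_endpoint) and the resource metadata Medium (one authorization server not linked over https, no documentation link), and "admin" is the one broad scope flagged.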

How MCP OAuth Auditor Works

MCP OAuth Auditor reads your server's auth configuration and audits four areas in parallel — OIDC Discovery, scope analysis, incremental consent, and protected resource metadata. It produces a security risk assessment with severity scores (Low to Critical) and specific remediation steps.

When to Use MCP OAuth Auditor

Essential before deploying MCP servers to production or when verifying compliance with the OAuth 2.1 spec update (2025-11). Catches overscoped permissions and auth discovery gaps early.

Key Strengths

  • Integrated audit of OAuth 2.1, OIDC Discovery, and RFC 9728
  • Automatic detection of overscoped permissions
  • Risk scores by category for easy prioritization
  • Specific remediation guidance included
