Install: `claude install-skill nguyenthienthanh/aura-frog`
> **AI-consumed reference.** Optimized for Claude to read during execution.
> Human-readable explanation: see [docs/architecture/HIERARCHICAL_PLANNING.md](../../../docs/architecture/HIERARCHICAL_PLANNING.md)
> or [docs/getting-started/](../../../docs/getting-started/) depending on topic.
# MCP Security Auditor
**STATUS — v3.7.0-rc.1.** Read-only auditor; does not enforce — that's `mcp-call-gate.cjs`'s job.
## Behavior
1. Read `.aura/security/mcp-audit.jsonl` (append-only; produced by `hooks/mcp-call-gate.cjs`)
2. Group entries by:
   - Agent → MCP server → method
   - Time bucket (last 1h / 24h / session)
   - Status (success / blocked / rate-limited)
3. Project to TOON (via `scripts/json-to-toon.cjs --schema generic` or custom fields) — NEVER load raw JSONL into context
4. Surface findings categorized as:
   - **Blocked calls** (`BLOCKED:true`) — deserve investigation
   - **Rate-limit warnings** — soft (80%) or hard (100%) hits
   - **Suspicious patterns** — destructive SQL detected, large output (>10KB), high frequency
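
An added example (not the project's own code) of steps 1, 2 and 4: it parses audit lines and returns only per-group counters and findings, so raw JSONL never has to enter context. The schema on this page is cut off, so the field names `server`, `method`, `outputBytes` and `rateUsage` are hypothetical and the sample lines are constructed; `ts`, `agent` and `BLOCKED` come from the page.

```javascript
// Added example. Assumed fields: server, method, outputBytes, rateUsage (0..1).
const KB10 = 10 * 1024; // "large output (>10KB)" threshold from the findings list

// Constructed sample lines standing in for .aura/security/mcp-audit.jsonl
const SAMPLE = [
  '{"ts":"2026-05-07T10:00:00Z","agent":"architect","server":"db","method":"query","BLOCKED":true}',
  '{"ts":"2026-05-07T10:20:00Z","agent":"architect","server":"db","method":"query","outputBytes":20480}',
  '{"ts":"2026-05-07T10:30:00Z","agent":"tester","server":"fs","method":"read","rateUsage":0.85}',
  '{"ts":"2026-05-06T12:00:00Z","agent":"tester","server":"fs","method":"read","rateUsage":1}',
  '{"ts":"2026-05-07T10:40:00Z","agent":"tester","server":"fs","meth', // torn final line
].join('\n');

function summarize(jsonl, now) {
  const groups = {}; // "agent/server/method" -> counters
  const findings = [];
  let skipped = 0;
  for (const line of jsonl.split('\n')) {
    if (!line.trim()) continue;
    let e;
    try { e = JSON.parse(line); } catch { skipped++; continue; } // partial append: count it, don't abort
    const ageH = (now - Date.parse(e.ts)) / 3.6e6; // entry age in hours
    if (Number.isNaN(ageH)) { skipped++; continue; }
    const key = `${e.agent}/${e.server}/${e.method}`;
    const g = (groups[key] ||= { total: 0, last1h: 0, last24h: 0, success: 0, blocked: 0, rateLimited: 0 });
    g.total++;
    if (ageH <= 1) g.last1h++;
    if (ageH <= 24) g.last24h++;
    if (e.BLOCKED === true) { g.blocked++; findings.push({ key, ts: e.ts, kind: 'blocked' }); }
    else if (e.rateUsage >= 1) { g.rateLimited++; findings.push({ key, ts: e.ts, kind: 'rate-hard' }); }
    else {
      g.success++;
      if (e.rateUsage >= 0.8) findings.push({ key, ts: e.ts, kind: 'rate-soft' });
      if (e.outputBytes > KB10) findings.push({ key, ts: e.ts, kind: 'large-output' });
    }
  }
  return { groups, findings, skipped };
}

const report = summarize(SAMPLE, Date.parse('2026-05-07T10:45:00Z'));
console.log(JSON.stringify(report, null, 2));
```

A non-zero `skipped` count is itself worth surfacing, since unparseable lines in an append-only log mean either a read during a write or a damaged file.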
## What this skill does NOT do
- Does NOT enforce — `mcp-call-gate.cjs` is the enforcement layer
- Does NOT mutate the audit log (append-only by design)
- Does NOT call MCPs itself (read-only on the audit file)
- Does NOT proxy MCP calls — the gate hook intercepts at PreToolUse
- Does NOT decide policy — `rules/agent/mcp-security-policy.md` is authoritative
## Audit log schema (per spec §23.2)
```jsonl
{"ts":"2026-05-07T...","agent":"architect","mcp
```