mirror of
https://github.com/github/awesome-copilot.git
synced 2026-07-14 01:51:02 +00:00
chore: publish from main
This commit is contained in:
@@ -238,8 +238,8 @@ See [CONTRIBUTING.md](../CONTRIBUTING.md#adding-skills) for guidelines on how to
|
||||
| [mcp-create-adaptive-cards](../skills/mcp-create-adaptive-cards/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-create-adaptive-cards` | Skill converted from mcp-create-adaptive-cards.prompt.md | None |
|
||||
| [mcp-create-declarative-agent](../skills/mcp-create-declarative-agent/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-create-declarative-agent` | Skill converted from mcp-create-declarative-agent.prompt.md | None |
|
||||
| [mcp-deploy-manage-agents](../skills/mcp-deploy-manage-agents/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-deploy-manage-agents` | Skill converted from mcp-deploy-manage-agents.prompt.md | None |
|
||||
| [mcp-implementation-security-review](../skills/mcp-implementation-security-review/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-implementation-security-review` | Review the implementation source code of MCP (Model Context Protocol) servers, clients, and tool handlers against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:<br />- Reviewing an MCP server implementation for security before release<br />- Checking a server against the baseline controls (MCP-01 to MCP-05) and the OWASP MCP Top 10<br />- Auditing tools for RCE vectors (command/code injection, unsafe deserialization, path traversal, SSTI, dependency hijacking, SSRF)<br />- Verifying auth, session, rate-limiting, and input-validation controls on a network-exposed server<br />- Reviewing MCP client code that handles untrusted server responses and session IDs<br />- Requests like "review this MCP server for security" or "is my MCP server implementation secure?" | None |
|
||||
| [mcp-security-audit](../skills/mcp-security-audit/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-security-audit` | Audit MCP (Model Context Protocol) server configurations for security issues. Use this skill when:<br />- Reviewing .mcp.json files for security risks<br />- Checking MCP server args for hardcoded secrets or shell injection patterns<br />- Validating that MCP servers use pinned versions (not @latest)<br />- Detecting unpinned dependencies in MCP server configurations<br />- Auditing which MCP servers a project registers and whether they're on an approved list<br />- Checking for environment variable usage vs. hardcoded credentials in MCP configs<br />- Any request like "is my MCP config secure?", "audit my MCP servers", or "check .mcp.json"<br />keywords: [mcp, security, audit, secrets, shell-injection, supply-chain, governance] | None |
|
||||
| [mcp-security-baseline](../skills/mcp-security-baseline/SKILL.md)<br />`gh skills install github/awesome-copilot mcp-security-baseline` | Review MCP (Model Context Protocol) server and client source code against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:<br />- Reviewing an MCP server implementation for security before release<br />- Checking a server against the baseline controls (MCP-01 to MCP-05) and the OWASP MCP Top 10<br />- Auditing tools for RCE vectors (command/code injection, unsafe deserialization, path traversal, SSTI, dependency hijacking, SSRF)<br />- Verifying auth, session, rate-limiting, and input-validation controls on a network-exposed server<br />- Reviewing MCP client code that handles untrusted server responses and session IDs<br />- Requests like "review this MCP server for security" or "is my MCP server implementation secure?" | None |
|
||||
| [md-to-docx](../skills/md-to-docx/SKILL.md)<br />`gh skills install github/awesome-copilot md-to-docx` | Convert Markdown files to professionally formatted Word (.docx) documents with embedded PNG images — pure JavaScript, no external tools required | `scripts/md-to-docx.mjs`<br />`scripts/package.json` |
|
||||
| [meeting-minutes](../skills/meeting-minutes/SKILL.md)<br />`gh skills install github/awesome-copilot meeting-minutes` | Generate concise, actionable meeting minutes for internal meetings. Includes metadata, attendees, agenda, decisions, action items (owner + due date), and follow-up steps. | None |
|
||||
| [memory-merger](../skills/memory-merger/SKILL.md)<br />`gh skills install github/awesome-copilot memory-merger` | Merges mature lessons from a domain memory file into its instruction file. Syntax: `/memory-merger >domain [scope]` where scope is `global` (default), `user`, `workspace`, or `ws`. | None |
|
||||
|
||||
+3
-3
@@ -1,7 +1,7 @@
|
||||
---
|
||||
name: mcp-security-baseline
|
||||
name: mcp-implementation-security-review
|
||||
description: |
|
||||
Review MCP (Model Context Protocol) server and client source code against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:
|
||||
Review the implementation source code of MCP (Model Context Protocol) servers, clients, and tool handlers against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:
|
||||
- Reviewing an MCP server implementation for security before release
|
||||
- Checking a server against the baseline controls (MCP-01 to MCP-05) and the OWASP MCP Top 10
|
||||
- Auditing tools for RCE vectors (command/code injection, unsafe deserialization, path traversal, SSTI, dependency hijacking, SSRF)
|
||||
@@ -10,7 +10,7 @@ description: |
|
||||
- Requests like "review this MCP server for security" or "is my MCP server implementation secure?"
|
||||
---
|
||||
|
||||
# MCP Security Baseline Review
|
||||
# MCP Implementation Security Review
|
||||
|
||||
## Process
|
||||
|
||||
Reference in New Issue
Block a user