Hve-core owasp-mcp
OWASP MCP Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in Model Context Protocol environments - Brought to you by microsoft/hve-core.
install
source · Clone the upstream repo
git clone https://github.com/microsoft/hve-core
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/microsoft/hve-core "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.github/skills/security/owasp-mcp" ~/.claude/skills/microsoft-hve-core-owasp-mcp && rm -rf "$T"
manifest:
.github/skills/security/owasp-mcp/SKILL.mdsource content
OWASP MCP Top 10 — Skill Entry
This
SKILL.mdThe skill encodes the OWASP MCP Top 10 (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate MCP security risks.
Normative references (MCP Top 10)
- 00 Vulnerability Index
- 01 Token Mismanagement and Secret Exposure
- 02 Privilege Escalation via Scope Creep
- 03 Tool Poisoning
- 04 Software Supply Chain Attacks and Dependency Tampering
- 05 Command Injection and Execution
- 06 Prompt Injection via Contextual Payloads
- 07 Insufficient Authentication and Authorization
- 08 Lack of Audit and Telemetry
- 09 Shadow MCP Servers
- 10 Context Injection and Over-Sharing
Skill layout
— this file (skill entrypoint).SKILL.md
— the MCP Top 10 normative documents.references/
— index of all vulnerability identifiers, severities, and cross-references.00-vulnerability-index.md
through01
— one document per vulnerability aligned with OWASP MCP numbering.10
🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.