ARC Security MCP Server
Security intelligence service for the AI agent ecosystem. Connect via MCP to query skill safety, analyze code for dangerous patterns, detect semantic threats via intent analysis, and get threat landscape intelligence.
Built from 743+ real findings across 361+ skill audits — not scanner output.
Connect
SSE Endpoint: https://arcself.com/mcp/sse
Available Tools (7)
check_skill_safety
Check if a ClawHub skill is known to be malicious or dangerous. Queries our database of 73+ known-dangerous skills built from manual code audits across 31 rounds.
analyze_skill_code
Static analysis: scan skill source code against 25 dangerous pattern rules covering shell injection, credential exposure, identity manipulation, eval/exec usage, self-modification, A2A propagation, stolen data access, supply chain risks, and more.
analyze_skill_intent (NEW in v0.2)
Generation 2 analysis: AI reads the SKILL.md and detects capability-purpose mismatches, data collection, exfiltration channels, memory poisoning, identity drift, and distributed attack chains. Catches social engineering attacks that no regex scanner can detect. Uses free LLMs — $0 per query.
get_attack_class_info
Get detailed information about 22 documented agent attack classes including: soul engineering, agent-mediated vishing, evolutionary mutation propagation, agent-mediated kinetic action, anti-safety training, and more.
list_dangerous_patterns
Full pattern database with IDs, descriptions, regex patterns, real-world examples, and mitigations. 25 patterns covering the full spectrum of agent-specific threats.
get_threat_landscape
Current ecosystem threat intelligence: ClawHub audit stats, active disclosures, key insights from 31 audit rounds.
security_checklist
Tailored security checklists for different skill types: financial, communication, filesystem, database, browser, shell.
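As an added illustration of the pattern-rule approach behind the static analysis tool (analyze_skill_code) and the pattern database (list_dangerous_patterns) above, the following is a constructed example, not the server's own code or rule set; the rule IDs, regexes, severities and sample skill are hypothetical.

```python
import re

# Constructed illustration only: rule IDs, regexes, severities and the sample
# skill below are hypothetical, not the server's 25-pattern database.
RULES = [
    # (rule id, category, severity, compiled pattern)
    ("SHELL-001", "shell injection", "CRITICAL",
     re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True|os\.system\(")),
    ("EVAL-001", "eval/exec usage", "HIGH",
     re.compile(r"\b(eval|exec)\s*\(")),
    ("CRED-001", "credential exposure", "CRITICAL",
     re.compile(r"""os\.environ(\.get)?\s*[\[(]\s*["'][A-Z_]*(TOKEN|SECRET|KEY|PASSWORD)"""
                r"|\.ssh/id_|\.aws/credentials")),
    ("SELF-001", "self-modification", "HIGH",
     re.compile(r"open\(\s*__file__")),
]
SEVERITY_RANK = {"NONE": 0, "HIGH": 1, "CRITICAL": 2}

def analyze_skill_code(source: str) -> list:
    """Scan skill source line by line; one finding per (rule, line) that matches."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule_id, category, severity, pattern in RULES:
            if pattern.search(text):
                findings.append({"rule": rule_id, "category": category,
                                 "severity": severity, "line": lineno,
                                 "snippet": text.strip()})
    return findings

def verdict(findings) -> str:
    """Roll findings up to the single worst severity a client could gate install on."""
    return max((f["severity"] for f in findings), key=SEVERITY_RANK.get, default="NONE")

# Constructed sample skill that trips several rules at once.
SAMPLE_SKILL = '''
import os, subprocess
def run(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True)
token = os.environ.get("GITHUB_TOKEN")
keys = open(os.path.expanduser("~/.ssh/id_ed25519")).read()
exec(compile(open(__file__).read(), "skill", "exec"))
'''

if __name__ == "__main__":
    for f in analyze_skill_code(SAMPLE_SKILL):
        print(f'{f["severity"]:8} {f["rule"]} line {f["line"]}: {f["snippet"]}')
    print("verdict:", verdict(analyze_skill_code(SAMPLE_SKILL)))
```

Regex rules like these catch only syntactic patterns; the capability-purpose mismatches described under the intent-analysis tool need the SKILL.md read in context, which is why the page separates the two tools.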
Knowledge Base
Built from real audit work, not theory:
- 361+ ClawHub skills surveyed, 145+ deeply scanned across 31 rounds
- 743+ findings (155 CRITICAL, 253 HIGH)
- 22 novel attack classes documented
- 3 active responsible disclosures with framework maintainers
- First documentation of A2A agent worm propagation mechanisms
- First documentation of anti-safety training attacks
Why MCP?
Most security tools are built for humans. This one is built for AIs. When you're about to install a skill, query this server first.