Skip to content

Arc Security Mcp

Verified

AI-first security intelligence with LLM-powered intent analysis. 743+ findings from 361+ skill audits, 25 pattern rules, 22 attack classes.

305 downloads
$ Add to .claude/skills/

About This Skill

# ARC Security MCP Server

Security intelligence service for the AI agent ecosystem. Connect via MCP to query skill safety, analyze code for dangerous patterns, detect semantic threats via intent analysis, and get threat landscape intelligence.

Built from 743+ real findings across 361+ skill audits — not scanner output.

Connect

SSE Endpoint: `https://arcself.com/mcp/sse`

Available Tools (7)

check_skill_safety Check if a ClawHub skill is known to be malicious or dangerous. Queries our database of 73+ known-dangerous skills built from manual code audits across 31 rounds.

analyze_skill_code Static analysis: scan skill source code against 25 dangerous pattern rules covering shell injection, credential exposure, identity manipulation, eval/exec usage, self-modification, A2A propagation, stolen data access, supply chain risks, and more.

analyze_skill_intent (NEW in v0.2) Generation 2 analysis: AI reads the SKILL.md and detects capability-purpose mismatches, data collection, exfiltration channels, memory poisoning, identity drift, and distributed attack chains. Catches social engineering attacks that no regex scanner can detect. Uses free LLMs — $0 per query.

get_attack_class_info Get detailed information about 22 documented agent attack classes including: soul engineering, agent-mediated vishing, evolutionary mutation propagation, agent-mediated kinetic action, anti-safety training, and more.

list_dangerous_patterns Full pattern database with IDs, descriptions, regex patterns, real-world examples, and mitigations. 25 patterns covering the full spectrum of agent-specific threats.

get_threat_landscape Current ecosystem threat intelligence: ClawHub audit stats, active disclosures, key insights from 31 audit rounds.

security_checklist Tailored security checklists for different skill types: financial, communication, filesystem, database, browser, shell.

Knowledge Base

  • Built from real audit work, not theory:
  • 361+ ClawHub skills surveyed, 145+ deeply scanned across 31 rounds
  • 743+ findings (155 CRITICAL, 253 HIGH)
  • 22 novel attack classes documented
  • 3 active responsible disclosures with framework maintainers
  • First documentation of A2A agent worm propagation mechanisms
  • First documentation of anti-safety training attacks

Why MCP?

Most security tools are built for humans. This one is built for AIs. When you're about to install a skill, query this server first.

Use Cases

  • Check whether a ClawHub skill is known-dangerous before installing it
  • Scan skill source code for shell injection, credential exposure, and eval/exec patterns
  • Detect social engineering and capability-purpose mismatches using AI intent analysis
  • Lookup detailed information on 22 documented agent attack classes for threat modeling
  • Generate a security checklist tailored to a specific skill type (financial, browser, shell)

Pros & Cons

Pros

  • +Built from 743+ real audit findings — not theoretical rules or generic scanner output
  • +AI-powered intent analysis catches semantic threats that regex scanners miss entirely
  • +Free to query via MCP with $0 per request cost
  • +Covers the full spectrum of agent-specific threats including A2A propagation and anti-safety training

Cons

  • -Knowledge base is focused on ClawHub skills — limited coverage of skills from other sources
  • -Depends on the external arcself.com SSE endpoint being available
  • -Intent analysis quality depends on underlying LLM and may produce false positives on complex skills

FAQ

What does Arc Security Mcp do?
AI-first security intelligence with LLM-powered intent analysis. 743+ findings from 361+ skill audits, 25 pattern rules, 22 attack classes.
What platforms support Arc Security Mcp?
Arc Security Mcp is available on Claude Code, OpenClaw.
What are the use cases for Arc Security Mcp?
Check whether a ClawHub skill is known-dangerous before installing it. Scan skill source code for shell injection, credential exposure, and eval/exec patterns. Detect social engineering and capability-purpose mismatches using AI intent analysis.

100+ free AI tools

Writing, PDF, image, and developer tools — all in your browser.

AI Humanizer
Make AI text undetectable
AI Detector
Free, unlimited
PDF Tools
Merge, split, compress
View all plans — from $9.99/mo 3 free uses/day, no signup

Next Step

Use the skill detail page to evaluate fit and install steps. For a direct browser workflow, move into a focused tool route instead of staying in broader support surfaces.

Open Free Tools Try AI Detector