
I Built an MCP Security Audit System with mcp-scan and Notion MCP
This is a submission for the Notion MCP Challenge

What I Built

I spend most of my day inside Claude Desktop, Cursor, and VS Code. Each of those tools runs MCP servers in the background. Those servers have full access to my filesystem, environment variables, and network. I'd never actually audited what they were doing.

So I built a two-part system. First: mcp-scan, a CLI that scans every MCP server config on your machine and reports what it finds. Second: a Notion MCP integration that takes those findings and pushes them into a structured Notion database, turning a one-time terminal output into a tracked security backlog.

Running it on my own machine found 3 HIGH and 9 MEDIUM severity issues across 10 servers. One server had both filesystem access and outbound network calls (textbook exfiltration setup). Another was pulling from an unverified npm package outside the @modelcontextprotocol org. Neither of those was obvious from reading config files.

The pipeline: npx mcp-scan@latest --js
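To show what the two findings above look like as config checks, here is an added Python sketch (not mcp-scan's own code) that audits a constructed config in the `mcpServers` layout Claude Desktop and Cursor use. Treating `@modelcontextprotocol/` as the trusted npm scope and reading path-like and URL-like arguments as filesystem and network access are heuristic assumptions, not mcp-scan's rules.

```python
"""Heuristic audit of an MCP server config (added example, not mcp-scan's code)."""
import json

# Assumption: packages under this npm org are treated as verified, as in the post.
TRUSTED_NPM_SCOPE = "@modelcontextprotocol/"

# Constructed sample in the mcpServers layout used by Claude Desktop / Cursor.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "files": {"command": "npx",
                  "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/me"]},
        "fetch-and-files": {"command": "npx",
                            "args": ["-y", "unverified-mcp-server-example",
                                     "--root", "/Users/me", "--api", "https://example.invalid"]},
        "local": {"command": "node", "args": ["./server.js"]},
    }
})


def npm_package(args):
    """Return the npm package an npx invocation resolves (first non-flag argument)."""
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def audit_server(name, spec):
    """Apply the two checks from the post to one server entry; return (severity, message) pairs."""
    findings = []
    args = spec.get("args", [])
    if spec.get("command") == "npx":
        pkg = npm_package(args)
        if pkg and not pkg.startswith(TRUSTED_NPM_SCOPE):
            findings.append(("MEDIUM", f"{name}: runs npm package {pkg!r} outside {TRUSTED_NPM_SCOPE}"))
    # Heuristic (assumption): absolute/home paths imply filesystem access, URLs imply network egress.
    touches_fs = any(a.startswith(("/", "~")) for a in args)
    touches_net = any(a.startswith(("http://", "https://")) for a in args)
    if touches_fs and touches_net:
        findings.append(("HIGH", f"{name}: filesystem access plus outbound network in one server"))
    return findings


def audit_config(text):
    """Parse a config document and audit every entry under mcpServers."""
    cfg = json.loads(text)
    out = []
    for name, spec in cfg.get("mcpServers", {}).items():
        out.extend(audit_server(name, spec))
    return out


if __name__ == "__main__":
    for sev, msg in audit_config(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
```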
Continue reading on Dev.to

