Droidsec Auto Auditor

v1.0.0

A powerful MCP server built with NitroStack

Connection Setup

Add via Cursor Settings UI (Settings > Features > MCP > Add New MCP Server):

{
  "mcpServers": {
    // your other mcp servers
    "droidsec-auto-auditor": {
      "url": "https://droidsec-auditor-6-risersss-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Connect remote tools directly via Claude's Web UI:

Add custom connector BETA
Connect Claude to your data and tools. Learn more about connectors or get started with pre-built ones.
Advanced settings
Only use connectors from developers you trust. Anthropic does not control which tools developers make available and cannot verify that they will work as intended or that they won't change.

Configure custom tools directly via ChatGPT's Web UI:

New App
PNG only. Best results at 256 x 256 px or larger. Max file size: 10 KB
Custom MCP servers introduce risk. Learn more
OpenAI hasn't reviewed this MCP server. Attackers may attempt to steal your data or trick the model into taking unintended actions, including destroying data.

Add the following configuration block under mcpServers in your Antigravity configuration file (~/.gemini/config/mcp_config.json):

{
  "mcpServers": {
    // your other mcp servers
    "droidsec-auto-auditor": {
      "serverUrl": "https://droidsec-auditor-6-risersss-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Add the following configuration block to your Codex configuration file (~/.codex/config.toml):

[mcp_servers.droidsec-auto-auditor]
url = "https://droidsec-auditor-6-risersss-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"

Connect directly using the Server-Sent Events endpoint:

https://droidsec-auditor-6-risersss-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp
Available Tools
scan_for_hardcoded_keys

Scans local app storage and resources for hardcoded API keys and secrets using live Gitleaks patterns

analyze_content_provider_exposure

Parses AndroidManifest.xml to find exported Content Providers, Debug Mode, Insecure Backups, and Cleartext Traffic vulnerabilities

extract_plaintext_credentials

Queries the local database for plaintext-stored passwords or session tokens

ingest_file

Ingests an Android or web source file for security analysis

scan_js_ast

Parses a JavaScript file into an AST and flags suspicious variable assignments

audit_web_dependencies

Scans package.json for outdated or vulnerable NPM dependencies

audit_html_security

Scans index.html for missing Content Security Policy and unsafe inline scripts