KeyProbe Certificate Audit MCP Server

MCP server by PabloLec for auditing certificates and keystores — surfacing expiry risks, weak cryptographic algorithms, and misconfigurations. Enables AI security agents to analyze X.509 certificates, keystores (JKS, PKCS12), and PKI infrastructure for security hygiene issues without manual certificate inspection.

Evaluated Mar 06, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Security certificates keystores ssl tls pki security audit mcp-server AUTHORIZED USE ONLY
⚙ Agent Friendliness
73
/ 100
Can an agent use this?
🔒 Security
78
/ 100
Is it safe for agents?
⚡ Reliability
66
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
65
Documentation
65
Error Messages
63
Auth Simplicity
95
Rate Limits
90

🔒 Security

TLS Enforcement
85
Auth Strength
80
Scope Granularity
72
Dep. Hygiene
72
Secret Handling
78

Keystores contain private keys — highest sensitivity. Read-only access. Never log key material. Authorized contexts only.

⚡ Reliability

Uptime/SLA
70
Version Stability
68
Breaking Changes
65
Error Recovery
63
AF Security Reliability

Best When

A security operations or DevSecOps agent needs to audit certificate inventories — checking for impending expirations, weak key lengths, deprecated algorithms, or keystore misconfigurations before they cause outages or security incidents.

Avoid When

You need dynamic TLS monitoring of live connections rather than static certificate file analysis. Certificate files must be accessible to the agent.

Use Cases

  • Automated certificate expiry monitoring from security operations agents
  • Auditing keystore configurations for weak algorithms from security review agents
  • PKI misconfiguration detection from compliance and security agents
  • Certificate inventory and health reporting from infrastructure monitoring agents

Not For

  • Certificate issuance or renewal (audit/analysis only)
  • Real-time TLS monitoring of live connections (static certificate analysis)
  • Non-security teams without certificate management responsibilities

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: none
OAuth: No Scopes: No

No external auth — analyzes certificate files locally. File system access controls apply.

Pricing

Model: free
Free tier: Yes
Requires CC: No

Free open source. No external API costs.

Agent Metadata

Pagination
none
Idempotent
Full
Retry Guidance
Not documented

Known Gotchas

  • AUTHORIZED USE ONLY: Only audit certificates and keystores you own or are authorized to analyze
  • Private keys embedded in keystores are extremely sensitive — agent should not log or expose key material
  • Certificate files need filesystem access — ensure agent has read-only access to cert paths only
  • PabloLec is a well-known security tooling developer — quality community implementation

Alternatives

certbot-mcp vault-mcp-server infocert-mcp

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for KeyProbe Certificate Audit MCP Server.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5220
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered