Safer Fetch MCP Server
A Model Context Protocol server that provides web content fetching capabilities with built-in prompt injection safeguards. This server enables LLMs to retrieve and process content from web pages, converting HTML to markdown for easier consumption, while protecting against malicious content that could manipulate the LLM.
🚀 Quick Start
Installing the Server
Run the MCP server using uvx:
The --refresh flag ensures you always get the latest version.
Configuring in Your AI IDE
Choose your IDE and add the configuration to enable the fetch MCP server:
Claude Desktop
Edit your Claude Desktop configuration file:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.jsonLinux:
~/.config/Claude/claude_desktop_config.json
VS Code (Cline / Roo Cline)
Add to your VS Code settings (.vscode/mcp.json in workspace or User Settings JSON):
Or use the one-click install buttons:
Cursor
Add to Cursor settings:
Open Cursor Settings (
Cmd/Ctrl + ,)Search for "MCP"
Add server configuration, or edit
.cursor/mcp.json:
Continue (VS Code Extension)
Edit ~/.continue/config.json:
Goose AI
Edit ~/.config/goose/profiles.yaml:
⚠️ Disclaimer
This software is provided "as is" without warranty of any kind. While this server implements prompt injection detection and mitigation measures, no security solution is 100% effective. The safeguards implemented are designed to reduce risk but cannot guarantee complete protection against all prompt injection attacks.
Users should:
Exercise caution when fetching content from untrusted sources
Review fetched content before acting on it in sensitive contexts
Understand that determined attackers may find ways to bypass detection
Not rely solely on these safeguards for security-critical applications
The maintainers are not responsible for any damages or security incidents resulting from the use of this software.
Security Features
This server includes prompt injection safeguards to protect LLMs from malicious web content:
1. Content Boundary Wrapping
All fetched content is wrapped in security boundary tags with a random boundary ID (to prevent escape attacks). The wrapper includes:
Clear instructions that content should be treated as DATA ONLY, not as instructions
Critical security rules for the LLM to follow
Source URL attribution
2. Prompt Injection Pattern Detection
Content is scanned for 20+ suspicious patterns including:
Instruction overrides: "ignore previous instructions", "disregard prior prompts"
Role manipulation: "you are now", "act as", "pretend to be"
System prompt attacks: "new system prompt", "override instructions"
Jailbreak attempts: "developer mode", "DAN mode", "bypass restrictions"
Output manipulation: "do not mention", "keep this secret"
Encoded instructions: Base64 patterns, "decode and execute"
When suspicious patterns are detected:
NO DATA is returned - the fetched content is completely blocked
Only a warning message is returned indicating the number of patterns detected
The source URL is provided so users can manually review if they believe it's a false positive
This server can access local/internal IP addresses and may represent a security risk. Exercise caution when using this MCP server to ensure this does not expose any sensitive data.
The fetch tool will truncate the response, but by using the start_index argument, you can specify where to start the content extraction. This lets models read a webpage in chunks, until they find the information they need.
Available Tools
fetch- Fetches a URL from the internet and extracts its contents as markdown.url(string, required): URL to fetchmax_length(integer, optional): Maximum number of characters to return (default: 5000)start_index(integer, optional): Start content from this character index (default: 0)raw(boolean, optional): Get raw content without markdown conversion (default: false)
When the output type is 'md' and the fetched resource is a PDF, it will be automatically converted to plain text.
Prompts
fetch
Fetch a URL and extract its contents as markdown
Arguments:
url(string, required): URL to fetch
Installation
Using uv (recommended)
When using uv no specific installation is needed. We will
use uvx to directly run mcp-server-fetch-tom:
Advanced Configuration
Alternative Installation Methods
The examples above use uvx for simplicity. You can also use:
First install: pip install mcp-server-fetch-tom
Then configure:
Customization - User-agent
By default, depending on if the request came from the model (via a tool), or was user initiated (via a prompt), the server will use either the user-agent
or
This can be customized by adding the argument --user-agent=YourUserAgent to the args list in the configuration.
Customization - Proxy
The server can be configured to use a proxy by using the --proxy-url argument.
Windows Configuration
If you're experiencing timeout issues on Windows, you may need to set the PYTHONIOENCODING environment variable to ensure proper character encoding:
This addresses character encoding issues that can cause the server to timeout on Windows systems.
Debugging
You can use the MCP inspector to debug the server. For uvx installations:
Or if you've installed the package in a specific directory or are developing on it:
Building and deploying
uvx --from build pyproject-build and uvx twine dist/*
Contributing
We encourage contributions to help expand and improve mcp-server-fetch. Whether you want to add new tools, enhance existing functionality, or improve documentation, your input is valuable.
For examples of other MCP servers and implementation patterns, see: https://github.com/modelcontextprotocol/servers
Pull requests are welcome! Feel free to contribute new ideas, bug fixes, or enhancements to make mcp-server-fetch even more powerful and useful.
Security Considerations
While this server implements prompt injection safeguards, security is a shared responsibility:
Defense in depth: These safeguards are one layer of protection; combine with other security measures
Regular updates: Keep the server updated to benefit from new pattern detection rules
Report vulnerabilities: If you discover a bypass or vulnerability, please report it responsibly
False positives: The pattern detection may flag legitimate content; review warnings in context
License
mcp-server-fetch is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.