# Version marker for this config format (presumably; confirm against the tool).
version: 1

settings:
  # Where log files are written.
  # NOTE(review): if denied calls are logged together with their arguments,
  # these files can hold sensitive values. Confirm, and keep the directory
  # readable by the owning user only.
  log_dir: '~/.mcpwall/logs'
  log_level: info
  # Presumably the verdict for a request that matches no rule (confirm).
  # With "allow", the deny rules in this file act as a denylist: anything
  # their regexes do not match is forwarded. Treat them as a safety net, not
  # as a complete boundary.
  default_action: allow
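rules:
# === FILE ACCESS PROTECTION ===
# Every rule in this group applies to tools/call requests for any tool ('*')
# and denies the call when an argument value matches the regex (`_any_value`
# presumably tests each argument value in turn; confirm). The regexes are
# unanchored substring matches on the argument text as sent; they do not
# resolve symlinks or normalise paths, so keep OS file permissions as the
# primary control.
- name: block-ssh-keys
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # Substring match: also hits public keys such as id_rsa.pub.
        regex: '(\.ssh/|id_rsa|id_ed25519|id_ecdsa)'
  action: deny
  message: 'Blocked: access to SSH keys'
- name: block-env-files
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # Matches ".env" as a whole name, optionally with a suffix such as
        # ".env.local". The earlier form required a leading "/" and either
        # end-of-string or "." right after, so a bare ".env" or one followed
        # by a space or quote was not covered. Names like ".envrc" and code
        # such as "process.env.X" still do not match.
        regex: '(^|\W)\.env($|\W)'
  action: deny
  message: 'Blocked: access to .env files'
- name: block-credentials
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # AWS, npm, Docker, kubeconfig and GnuPG credential locations.
        regex: '(\.aws/credentials|\.npmrc|\.docker/config\.json|\.kube/config|\.gnupg/)'
  action: deny
  message: 'Blocked: access to credential files'
- name: block-browser-data
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # Only Chrome, Firefox and Safari path fragments are listed; other
        # browsers' profile directories are not covered by this rule.
        regex: '(Chrome|Firefox|Safari)/(Default|Profile|Cookies|Login Data)'
  action: deny
  message: 'Blocked: access to browser data'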
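# === DANGEROUS COMMANDS ===
# Heuristic command filters. They match text inside any argument value of any
# tool, so they can also fire on harmless prose or code that merely mentions
# these commands. They do not parse shell syntax; pair them with sandboxing or
# a restricted shell rather than relying on them alone.
- name: block-destructive-commands
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # rm: any short-option cluster containing r, R or f (e.g. -rf, -vR),
        # plus the long options --recursive / --force. The earlier form only
        # matched when "-r" or "-f" came directly after "rm ".
        regex: '(rm\s+-[A-Za-z]*[rRf]|rm\s+--(recursive|force)|rmdir\s+/|mkfs|dd\s+if=|format\s+[A-Z]:)'
  action: deny
  message: 'Blocked: destructive command'
- name: block-pipe-to-shell
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # A downloader name, later a "|", later an interpreter name. There
        # are no word boundaries, so "sh" also matches inside longer words;
        # expect some false positives.
        regex: '(curl|wget|fetch).*\|.*(bash|sh|zsh|python|node)'
  action: deny
  message: 'Blocked: piping remote content to shell'
- name: block-reverse-shells
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        # Common listener / redirect idioms. "mkfifo" and "socat" are
        # matched wherever they appear, including legitimate uses.
        regex: '(nc\s+-[le]|/dev/tcp/|bash\s+-i\s+>&|mkfifo|socat)'
  action: deny
  message: 'Blocked: potential reverse shell'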
# === SECRET LEAKAGE ===
# Denies a tools/call for any tool when an argument value is flagged by the
# secret scanner (`secrets: true`; presumably driven by the patterns listed
# under the top-level `secrets` key; confirm). This keeps credentials the
# client already holds from being sent on to an MCP server.
- name: block-secret-leakage
  match:
    method: tools/call
    tool: '*'
    arguments:
      _any_value:
        secrets: true
  action: deny
  message: 'Blocked: detected secret/API key in tool arguments'
# === OUTBOUND RULES (Response Inspection) ===
# Rules applied to server responses rather than to requests.
outbound_rules:
# Redacts detected secrets from a response instead of dropping the response.
# Coverage is only as good as the secret patterns: a credential format with
# no matching pattern passes through unredacted.
- name: redact-secrets-in-responses
  match:
    secrets: true
  action: redact
  message: 'Secret detected in server response and redacted'
# 102400 = 100 * 1024. `log_only` records the event; judging by the name the
# response is still delivered (confirm), so review these log entries.
- name: flag-large-responses
  match:
    response_size_exceeds: 102400
  action: log_only
  message: 'Response exceeds 100KB'
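# Patterns for the secret scanner (presumably what `secrets: true` matchers
# evaluate; confirm). Each entry is an unanchored regex; `entropy_threshold`
# appears to add a minimum-randomness requirement to a match (confirm the
# exact measure with the tool's documentation).
secrets:
  patterns:
  # AKIA = long-term access key IDs, ASIA = temporary (STS) access key IDs.
  - name: aws-access-key
    regex: '(AKIA|ASIA)[0-9A-Z]{16}'
  # Any 40-character base64-alphabet run; the entropy threshold is what keeps
  # this from firing on ordinary text. Longer base64 blobs contain 40-char
  # runs too, so expect some false positives.
  - name: aws-secret-key
    regex: '[A-Za-z0-9/+=]{40}'
    entropy_threshold: 4.5
  # ghp_/gho_/ghu_/ghs_/ghr_ prefixes plus fine-grained github_pat_ tokens.
  # The earlier form covered only ghp_ and ghs_.
  - name: github-token
    regex: '(gh[pousr]_[A-Za-z0-9_]{36,}|github_pat_[A-Za-z0-9_]{22,})'
  # Classic "sk-<alnum>" keys plus the prefixed forms (sk-proj-, sk-svcacct-,
  # sk-admin-), whose bodies may contain "-" and "_". Written as an
  # alternation so "sk-ant-..." keys stay with the anthropic-key pattern.
  - name: openai-key
    regex: 'sk-((proj|svcacct|admin)-[A-Za-z0-9_-]{20,}|[A-Za-z0-9]{20,})'
  # "_" is included so a match (and any redaction) does not stop at the
  # first underscore inside the key body.
  - name: anthropic-key
    regex: 'sk-ant-[A-Za-z0-9_-]{20,}'
  # pk_ keys are publishable rather than secret; kept as in the original, at
  # the cost of some noise.
  - name: stripe-key
    regex: '(sk|pk|rk)_(test|live)_[A-Za-z0-9]{24,}'
  # PEM private-key headers, including the ENCRYPTED PRIVATE KEY form.
  - name: private-key-header
    regex: '-----BEGIN (RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----'
  # Three base64url segments, the first starting with "eyJ".
  - name: jwt-token
    regex: 'eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}'
  - name: slack-token
    regex: 'xox[bpoas]-[A-Za-z0-9-]+'
  # Connection URLs, with or without embedded credentials. Also covers the
  # postgresql://, mongodb+srv:// and rediss:// scheme spellings, which the
  # earlier form did not match.
  - name: database-url
    regex: '(postgres(ql)?|mysql|mongodb(\+srv)?|rediss?)://[^\s]+'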