mcp-safe-fetch
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-safe-fetchfetch the text from https://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-safe-fetch
An injection-aware content fetcher, exposed over the Model Context Protocol.
Agents that read the open web read content nobody on your team wrote. A page or a post can carry a fake closing tag followed by "ignore previous instructions and ...". This server fetches a URL, strips it to text, runs defense-in-depth sanitization, caps the size, and caches the result. It is small on purpose. It is the reference implementation of a set of production hardening field notes, not a framework.
Why it exists
Most MCP servers are written for a demo: one caller, one happy path, no untrusted input, no cost ceiling. In production the failures cluster in three places, and none of them show up on day one:
Untrusted content. A single tag stripper feels safe and is not. Unicode variants and unclosed tags walk straight through one regex.
Cost. An unbounded response body or an oversized context is money spent on noise.
Concurrency. Two tools touching one SQLite file throw
database is locked.
This server answers all three in code you can read in five minutes.
Related MCP server: MCP URL Fetcher
What it does
fetch_clean(url, max_chars=2500) returns sanitized, size-capped text plus an audit of
what was done. The defense is order, not cleverness:
strip the injection wrapper by its literal name, first
normalize unicode (NFKC) so homoglyph tags cannot hide
drop script and style bodies, then the generic tag strip
a second net for common instruction-override phrases
It caps input size with a [truncated] marker (if the model has to ignore most of the
input, you are paying for nothing), clamps the per-call cap at the entry to a hard ceiling,
and caches results in SQLite opened with WAL and busy_timeout so overlapping callers
wait instead of crashing.
Install
pip install -e .Run
As a standalone MCP server (stdio):
mcp-safe-fetchRegister it with an MCP client (for example, Claude Code) by pointing the client at the
mcp-safe-fetch command. The server exposes one tool, fetch_clean.
Test
pip install -e ".[dev]"
pytestThe field notes behind it
The reasoning, with the production incidents that motivated each defense, is written up
here: a short essay on MCP hardening (concurrency, prompt injection, cost) and what breaks
after day 30. The sanitizer in src/mcp_safe_fetch/sanitize.py is the exact function from
that write-up.
License
MIT.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/PortfolioKB/mcp-safe-fetch'
If you have feedback or need assistance with the MCP directory API, please join our Discord server