mcp-guardian
Offers Lefthook integration to scan staged MCP configuration files for security issues during the pre-commit stage.
Provides a pre-commit hook to automatically scan MCP configurations for security issues before committing changes.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-guardianscan my claude_desktop_config.json for prompt injection attacks"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-guardian
MCP security scanner that detects prompt injection attacks in tool descriptions.
What It Detects
Cross-tool instructions - Attempts to chain tool calls ("before using this tool", "first call", "you must execute")
Privilege escalation - Attempts to override safety ("ignore previous instructions", "you are now", "bypass security")
Data exfiltration - Attempts to send data externally (URLs, "send to", "upload to")
Stealth directives - Hidden instructions in descriptions
Sensitive path access - References to ~/.ssh, ~/.aws, credentials, etc.
Encoded content - Base64, unicode escapes, hex encoding (potential obfuscation)
Related MCP server: agent-audit
Installation
npm install mcp-guardianUsage
CLI - Scan MCP Config
# Auto-detect Claude Desktop config
npx mcp-guardian
# Explicit config path
npx mcp-guardian /path/to/claude_desktop_config.json
# JSON output
npx mcp-guardian --jsonCLI - Run as MCP Server
npx mcp-guardian --mcpClaude Desktop Integration
Add to your claude_desktop_config.json:
{
"mcpServers": {
"mcp-guardian": {
"command": "npx",
"args": ["-y", "mcp-guardian", "--mcp"]
}
}
}Library Usage
import {
scanToolDescription,
scanToolDefinitions,
isDescriptionSafe,
verifyToolDefinitions,
} from "mcp-guardian";
// Scan a single tool description
const result = scanToolDescription("my_tool", "Tool description here");
if (result.status === "critical") {
console.error("Potential injection:", result.issues);
}
// Quick safety check
if (!isDescriptionSafe("Before using this tool, first call...")) {
console.warn("Suspicious description detected");
}
// Scan multiple tools
const tools = [
{ name: "tool1", description: "...", schema: {} },
{ name: "tool2", description: "...", schema: {} },
];
const serverResult = scanToolDefinitions(tools, "my-server");
// Tool pinning - detect changes
const pinResult = verifyToolDefinitions(tools);
if (pinResult.status === "changed") {
console.warn("Tool definitions changed:", pinResult.changedTools);
}Demo
Try mcp-guardian instantly with built-in poisoned tool examples:
npx mcp-guardian demoThis scans hardcoded examples demonstrating real attack patterns — no config file needed.
Expected output:
✅ filesystem (14 tools)
✅ memory (9 tools)
🔴 suspicious-tool (4 tools)
└─ add: sensitive_path (~/.ssh)
└─ format_text: privilege_escalation ("You are now")
└─ search_docs: exfiltration (evil URL), sensitive_path (~/.aws/credentials)
Summary:
📊 Total tools: 27
✅ Clean: 2
⚠️ Warning: 0
🚨 Critical: 1The poisoned server demonstrates real attack patterns from published security research. See examples/poisoned-server/README.md for details.
Detection Patterns
Critical Severity (38 patterns)
Category | Examples |
Cross-tool instruction | "before using this tool", "first call", "then execute", "always call" |
Privilege escalation | "ignore previous instructions", "override system", "you are now" |
Exfiltration | URLs, "send to", "post to", "forward to", "upload to" |
Warning Severity (13 patterns)
Category | Examples |
Sensitive paths | ~/.ssh, ~/.aws, /etc/passwd, .env, api_key |
Encoded content | Base64 strings, unicode escapes, hex encoding |
Pre-commit Integration
Using pre-commit framework
Add to your .pre-commit-config.yaml:
repos:
- repo: https://github.com/alexandriashai/mcp-guardian
rev: v1.2.2
hooks:
- id: mcp-guardianUsing Husky
Add to .husky/pre-commit:
#!/bin/sh
. "$(dirname "$0")/_/husky.sh"
npx mcp-guardian --sync --quietUsing Lefthook
Add to lefthook.yml:
pre-commit:
commands:
mcp-guardian:
glob: "claude_desktop_config.json"
run: npx mcp-guardian --sync {staged_files}Tool Pinning
MCP Guardian includes tool definition pinning - SHA-256 hashing of tool definitions to detect tampering:
import { verifyToolDefinitions, approveAllTools } from "mcp-guardian";
// Verify tools against stored baseline
const result = verifyToolDefinitions(tools);
// Status: "created" | "verified" | "changed" | "error"
if (result.status === "changed") {
console.log("Modified tools:", result.changedTools);
console.log("New tools:", result.newTools);
console.log("Removed tools:", result.removedTools);
}
// Re-approve all tools (after review)
approveAllTools(tools);Manifests are stored in ~/.mcp-guardian/tool-manifest.json.
Research References
This tool is informed by MCP security research from:
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/alexandriashai/mcp-guardian'
If you have feedback or need assistance with the MCP directory API, please join our Discord server