mcp-guard
mcp-guard is a security and network MCP server providing local hardware access, network analysis, forensics, and supply chain auditing — capabilities impossible for remote/cloud services.
Local Hardware & System Tools
Wi-Fi scan — Nearby networks (SSID, BSSID, signal, channel, security type)
Bluetooth scan — Nearby devices (name, address, type, pairing status)
USB devices — All connected USB devices (vendor, product ID, speed, manufacturer)
System info — CPU, RAM, disk, uptime, network interfaces with IPs/MACs
Process list — Running processes with CPU% and memory, filterable by name
Open files — All files, sockets, and pipes open by processes (via lsof)
Network connections — Live TCP connections (like netstat)
File watch — Real-time kernel-level FS events (create, write, delete, rename)
Network Discovery & Scanning
ARP scan — Layer 2 LAN discovery (IP, MAC, hostname, vendor; finds hosts blocking ICMP/TCP)
Ping sweep — ICMP host discovery across a CIDR range
Port scan — Concurrent TCP port scanner with service name lookup
Traceroute — Hop-by-hop network path tracing via ICMP TTL probes
Banner grab — Raw TCP banners from any protocol (SSH, FTP, SMTP, Redis, etc.)
Security Auditing & Forensics
Secret scan — Find hardcoded credentials (20+ patterns: AWS, GitHub, OpenAI, Stripe, private keys, DB URLs, etc.)
Hash files — SHA-256 hashes of all files in a directory for integrity baselines
Critical file monitor — Track unauthorized changes to SSH keys, /etc/hosts, sudoers, shell profiles (scan/baseline/diff modes)
Persistence scan — Detect malware persistence: LaunchAgents/Daemons (macOS), systemd units (Linux), cron jobs, shell profile injections
Supply chain audit — Audit node_modules for dangerous lifecycle scripts, typosquatting (Levenshtein distance vs. 50+ popular packages), and runtime eval()
Network & Web Utilities
SSL inspect — Full TLS certificate chain (expiry, issuer, SANs, key size, weak-config warnings)
DNS enumeration — A, AAAA, MX, NS, TXT, CNAME records; detects missing SPF/DMARC
HTTP header audit — Security headers scored 0–100 with a letter grade
CVE check — npm dependencies checked against the OSV vulnerability database (no API key needed)
JWT decode — Locally decode JWTs (algorithm, expiry, security warnings)
Scans for exposed GitHub tokens and secrets.
Identifies open MySQL ports and services on target hosts via TCP port scanning.
Checks npm dependencies for known vulnerabilities using the OSV database.
Scans for hardcoded OpenAI API keys.
Identifies open Redis ports and services on target hosts via TCP port scanning.
Scans for exposed SendGrid API keys.
Scans for exposed Slack tokens.
Scans for exposed Stripe API keys and secrets.
Scans for exposed Twilio credentials.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-guardaudit HTTP security headers on https://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-guard
Security and network MCP server for Claude Code and Cursor. Written in Go.
Why mcp-guard
Most MCP servers are API wrappers. Claude could look up the same data itself if it had web access.
mcp-guard is different. 12 of its 22 tools require a physical machine to function. Wi-Fi scanning needs a radio chip. Bluetooth scanning needs an adapter. ARP discovery sends Layer 2 frames that never leave your local network — no cloud service receives them. File watching subscribes to kernel events on your machine's filesystem. USB enumeration reads your physical ports.
Claude runs in a data center. It has none of these things. These tools only work because the binary is running on your computer.
Related MCP server: Tengu
Tools
Local hardware (impossible for any remote service)
Tool | What it does |
| Scan nearby Wi-Fi networks via your wireless hardware — SSID, BSSID, signal, channel, security |
| Enumerate nearby Bluetooth devices via your adapter — name, address, type, pairing status |
| List all USB devices connected to this machine — vendor, product ID, speed, manufacturer |
| Layer 2 LAN discovery — finds every device on your network including ones that block ICMP/TCP, with MAC addresses and vendor IDs |
| ICMP host discovery across a CIDR range from your machine's network stack |
| Hop-by-hop network path from this machine via ICMP TTL probes |
| Kernel FS event stream (FSEvents on macOS, inotify on Linux) — real-time create/write/delete/rename |
| Local hardware: CPU model, RAM, disk, uptime, all network interfaces with IPs and MACs |
| Every file, socket, and pipe held open by processes on this machine via |
| Running processes with CPU% and memory — filter by name |
| Live TCP connections on this machine ( |
| Walk local files for hardcoded credentials — 20+ patterns (AWS, GitHub, OpenAI, Stripe, Slack, DB URLs, private keys) |
| SHA-256 every file in a directory — integrity baseline before/after deploys |
Forensics and supply chain
Tool | What it does |
| Checks this machine for malware persistence: LaunchAgents/Daemons (macOS), systemd units (Linux), cron jobs, shell profile injections. Flags curl-pipe-to-bash, base64 payloads, binaries in /tmp |
| Audits node_modules for supply chain attacks: lifecycle scripts that download/execute remote code, typosquatting (Levenshtein distance 1 against 50 popular packages), eval() of runtime data in source |
Network utilities
Tool | What it does |
| Concurrent TCP scanner — 200 goroutines, service name lookup |
| Raw TCP banner from any protocol — SSH, FTP, SMTP, Redis, MySQL |
| Full TLS certificate chain — key size, algorithm, expiry, SANs |
| A, AAAA, MX, NS, TXT, CNAME — detects missing SPF/DMARC |
| HTTP security header audit scored 0–100 with letter grade |
| npm dependency CVE check via OSV — no API key |
| Local JWT decode — algorithm, expiry, security warnings |
Setup
Claude Code
Add to ~/.claude/settings.json:
{
"mcpServers": {
"mcp-guard": {
"command": "npx",
"args": ["-y", "@zent7x/mcp-guard"]
}
}
}Cursor
Add to .cursor/mcp.json:
{
"mcpServers": {
"mcp-guard": {
"command": "npx",
"args": ["-y", "@zent7x/mcp-guard"]
}
}
}Global install
npm install -g @zent7x/mcp-guardThen use "command": "mcp-guard" instead of npx in the config above.
Example output
> wifi_scan
Wi-Fi networks (8 found)
SSID BSSID SIGNAL CHANNEL SECURITY
──────────────────────────────────────────────────────────────────────────────────────────
HomeNetwork a4:c3:f0:11:22:33 -42 dBm 6 WPA2 Personal
OfficeWifi b8:27:eb:44:55:66 -67 dBm 11 WPA2 Enterprise> arp_scan 192.168.1.0/24
LAN devices in 192.168.1.0/24 (6 found)
IP MAC HOSTNAME VENDOR
────────────────────────────────────────────────────────────────────────────────
192.168.1.1 a4:c3:f0:ab:cd:ef router.local Apple
192.168.1.42 b8:27:eb:12:34:56 raspberrypi.local Raspberry Pi
192.168.1.100 00:0c:29:78:90:ab VMware> bluetooth_scan
Bluetooth devices (4 found)
NAME ADDRESS TYPE STATUS
─────────────────────────────────────────────────────────────────────────────────────────
AirPods Pro a1:b2:c3:d4:e5:f6 paired
MX Keys 11:22:33:44:55:66 Keyboard paired
Sony WH-1000XM5 aa:bb:cc:dd:ee:ff Headphones not pairedHow it works
The npm package downloads a pre-compiled Go binary for your platform on first run. The binary speaks the MCP stdio protocol — your editor spawns it on startup and the tools appear automatically.
Platform binaries: darwin-arm64, darwin-amd64, linux-amd64, linux-arm64, windows-amd64.
Build from source
git clone https://github.com/zent7x/mcp-guard
cd mcp-guard
go build -o mcp-guard .Requires Go 1.21+.
License
MIT
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/zent7x/mcp-guard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server