{"id":48182253,"url":"https://github.com/loplop-h/mcpguard","last_synced_at":"2026-04-06T19:01:01.978Z","repository":{"id":348231991,"uuid":"1197037640","full_name":"loplop-h/mcpguard","owner":"loplop-h","description":"Security scanner for MCP server configurations. 10/10 OWASP MCP Top 10 coverage. Auto-fix, tool poisoning detection, rug pull alerts.","archived":false,"fork":false,"pushed_at":"2026-03-31T10:28:18.000Z","size":2685,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-04T18:56:09.867Z","etag":null,"topics":["ai","claude-code","cli","mcp","model-context-protocol","owasp","python","scanner","security","tool-poisoning","vulnerability-scanner"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/loplop-h.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-31T09:17:04.000Z","updated_at":"2026-03-31T10:28:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/loplop-h/mcpguard","commit_stats":null,"previous_names":["loplop-h/mcpguard"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/loplop-h/mcpguard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loplop-h%2Fmcpguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loplop-h%2Fmcpguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loplop-h%2Fmcpguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loplop-h%2Fmcpguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/loplop-h","download_url":"https://codeload.github.com/loplop-h/mcpguard/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/loplop-h%2Fmcpguard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31444702,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T15:22:31.103Z","status":"ssl_error","status_checked_at":"2026-04-05T15:22:00.205Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude-code","cli","mcp","model-context-protocol","owasp","python","scanner","security","tool-poisoning","vulnerability-scanner"],"created_at":"2026-04-04T17:46:20.921Z","updated_at":"2026-04-06T19:01:01.963Z","avatar_url":"https://github.com/loplop-h.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/loplop-h/mcpguard/master/docs/logo-dark.svg\"\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/loplop-h/mcpguard/master/docs/logo-light.svg\"\u003e\n    \u003cimg alt=\"mcpguard\" src=\"https://raw.githubusercontent.com/loplop-h/mcpguard/master/docs/logo-light.svg\" width=\"450\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cstrong\u003eFind security vulnerabilities in your MCP server configs before attackers do.\u003c/strong\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003eMaps every finding to the OWASP MCP Top 10. Zero config. Runs locally.\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://pypi.org/project/guardmcp/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/v/guardmcp?style=flat-square\" alt=\"PyPI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://pypi.org/project/guardmcp/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/pyversions/guardmcp?style=flat-square\" alt=\"Python\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-blue?style=flat-square\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/loplop-h/mcpguard/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/loplop-h/mcpguard?style=flat-square\" alt=\"Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://owasp.org/www-project-mcp-top-10/\"\u003e\u003cimg src=\"https://img.shields.io/badge/OWASP-MCP%20Top%2010-orange?style=flat-square\" alt=\"OWASP\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/loplop-h/mcpguard/master/docs/scan-screenshot.png?v=3\" alt=\"mcpguard scan output\" width=\"650\"\u003e\n\u003c/p\u003e\n\n## Quick Start\n\n```bash\npip install guardmcp\nmcpguard scan\n```\n\nThat's it. mcpguard auto-detects MCP configs from Claude Desktop, Claude Code, Cursor, VS Code, and Windsurf. No API keys, no accounts, everything runs locally.\n\n## What It Scans For\n\nmcpguard checks your MCP server configurations against the [OWASP MCP Top 10](https://owasp.org/www-project-mcp-top-10/):\n\n| | Risk | What mcpguard detects |\n|---|------|----------------------|\n| Y | **MCP01** Token \u0026 Secret Exposure | Hardcoded API keys (AWS, OpenAI, GitHub, Anthropic, Stripe), high-entropy secrets, JWT tokens, live secret verification |\n| Y | **MCP02** Privilege Escalation | Wildcard `alwaysAllow`, overpermissioned tool scopes |\n| Y | **MCP03** Tool Poisoning | 14 injection patterns in tool descriptions, suspicious names, long descriptions, tool shadowing, rug pull detection |\n| Y | **MCP04** Supply Chain Attacks | Unpinned `@latest` versions, missing version locks |\n| Y | **MCP05** Command Injection | Shell metacharacters, dangerous commands, missing input schemas |\n| Y | **MCP06** Intent Subversion | SSRF-prone URLs (cloud metadata, private IPs) |\n| Y | **MCP07** Missing Authentication | HTTP servers without auth headers, plaintext HTTP transport |\n| Y | **MCP08** No Audit Logging | Unsafe shell execution, pipe/redirect in args |\n| Y | **MCP09** Shadow Servers | Localhost/dev URLs, unregistered servers |\n| Y | **MCP10** Context Over-Sharing | Docker host network, sensitive volume mounts, no rate limiting |\n\n## Features\n\n- **Zero config** -- auto-discovers configs from 5 MCP clients\n- **OWASP mapped** -- every finding links to OWASP MCP Top 10\n- **16 detection rules** -- secrets, auth, permissions, supply chain, injection, shadow servers\n- **Entropy-based secret detection** -- catches secrets that don't match known patterns\n- **Auto-fix** -- `mcpguard fix` replaces hardcoded secrets with `${VAR}` references\n- **Custom rules** -- add your own YAML detection rules\n- **SARIF output** -- integrates with GitHub Security tab\n- **GitHub Action** -- drop-in CI/CD security gate\n- **Pre-commit hook** -- catch issues before they're committed\n- **No network** -- everything runs locally, no API calls\n\n## Usage\n\n```bash\n# Scan all auto-detected configs\nmcpguard scan\n\n# Scan a specific config file\nmcpguard scan --path /path/to/mcp.json\n\n# Auto-fix hardcoded secrets, HTTP URLs, wildcard permissions\nmcpguard fix\n\n# Preview fixes without modifying files\nmcpguard fix --dry-run\n\n# JSON output for CI/CD\nmcpguard scan --format json\n\n# SARIF output for GitHub Security tab\nmcpguard scan --format sarif -o results.sarif\n\n# Only show critical and high findings\nmcpguard scan --severity high\n\n# Connect to servers and inspect tool definitions\nmcpguard inspect\n\n# Verify detected secrets are live (makes read-only API calls)\nmcpguard scan --verify\n\n# Quick pass/fail check (exit code only)\nmcpguard check\n\n# Add custom detection rules\nmcpguard scan --rules-dir ./my-rules/\n```\n\n## Auto-Fix\n\nmcpguard can automatically fix common security issues:\n\n```bash\nmcpguard fix\n```\n\nWhat it fixes:\n- Replaces hardcoded API keys with `${VAR_NAME}` environment variable references\n- Upgrades `http://` URLs to `https://`\n- Removes wildcard `alwaysAllow: [\"*\"]`\n- Creates a `.mcpguard-backup` before modifying any file\n\n## Supported Clients\n\n| Client | Config Location |\n|--------|----------------|\n| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` |\n| Claude Code | `~/.claude.json`, `.mcp.json` |\n| Cursor | `~/.cursor/mcp.json`, `.cursor/mcp.json` |\n| VS Code | `~/.config/Code/User/mcp.json`, `.vscode/mcp.json` |\n| Windsurf | `~/.codeium/windsurf/mcp_config.json` |\n\n## Custom Rules\n\nmcpguard uses YAML detection rules. Add your own:\n\n```yaml\nid: CUSTOM-001\ninfo:\n  name: Internal API Key Pattern\n  severity: critical\n  owasp: MCP01\n  description: Detects internal API keys\n  remediation: Use vault references\n  cwe: CWE-798\ndetection:\n  target: config\n  scope: env_values\n  match:\n    type: regex\n    patterns:\n      - 'internal_[a-z0-9]{32}'\n```\n\n```bash\nmcpguard scan --rules-dir ./my-rules/\n```\n\n## GitHub Action\n\n```yaml\nname: MCP Security Scan\non: [push, pull_request]\n\njobs:\n  mcpguard:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: loplop-h/mcpguard@v1\n```\n\nOr manually:\n\n```yaml\n      - run: pip install guardmcp\n      - run: mcpguard scan --format sarif -o results.sarif\n      - uses: github/codeql-action/upload-sarif@v3\n        with:\n          sarif_file: results.sarif\n```\n\n## Pre-commit Hook\n\n```yaml\n# .pre-commit-config.yaml\nrepos:\n  - repo: https://github.com/loplop-h/mcpguard\n    rev: v0.1.0\n    hooks:\n      - id: mcpguard\n```\n\n## How It Compares\n\n| Feature | mcpguard | mcp-scan | Tencent AI-Infra-Guard | Cisco mcp-scanner |\n|---------|----------|----------|------------------------|-------------------|\n| Zero-config CLI | Y | Y | N (Docker/web) | N (API key) |\n| Config scanning | Y | Y | Y | Y |\n| Server inspection | Y | Y | Y | N |\n| Tool poisoning detection | Y (14 patterns) | Y | Partial | N |\n| Rug pull detection | Y (hash pinning) | Y | N | N |\n| Auto-fix (`fix`) | **Y** | N | N | N |\n| OWASP MCP Top 10 mapping | **Y (10/10)** | N | N | N |\n| Secret verification | **Y** (GitHub, OpenAI, Anthropic, Stripe) | N | N | N |\n| SARIF output | **Y** | N | N | N |\n| GitHub Action | **Y** | N | N | N |\n| Pre-commit hook | **Y** | N | N | N |\n| Custom YAML rules | **Y** | N | N | N |\n| Entropy-based detection | **Y** | N | N | N |\n\n## Privacy\n\n- All data stays on your machine\n- No telemetry, no tracking\n- `scan` reads config files only (no network)\n- `inspect` connects to local stdio servers only (never sends data externally)\n- `--verify` makes read-only API calls to check if secrets are live\n- Open source, MIT licensed\n\n## Contributing\n\n```bash\ngit clone https://github.com/loplop-h/mcpguard.git\ncd mcpguard\npip install -e \".[dev]\"\npytest\n```\n\nAdd detection rules in `src/mcpguard/rules/` using the YAML schema above.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floplop-h%2Fmcpguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Floplop-h%2Fmcpguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Floplop-h%2Fmcpguard/lists"}