https://github.com/82ch/MCP-Dandan
MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection
ai-tools mcp mcp-client mcp-dandan mcp-gateway mcp-guard mcp-host mcp-security mcp-server mcp-tools model-context-protocol
Last synced: 27 days ago
- Host: GitHub
- URL: https://github.com/82ch/MCP-Dandan
- Owner: 82ch
- License: mit
- Created: 2025-11-10T04:52:38.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2025-12-09T09:23:01.000Z (about 1 month ago)
- Last Synced: 2025-12-10T00:13:51.451Z (about 1 month ago)
- Topics: ai-tools, mcp, mcp-client, mcp-dandan, mcp-gateway, mcp-guard, mcp-host, mcp-security, mcp-server, mcp-tools, model-context-protocol
- Language: Python
- Homepage: https://mcp-dandan.netlify.app/
- Size: 10.8 MB
- Stars: 42
- Watchers: 0
- Forks: 5
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-mcp - 82ch/MCP-Dandan - time proxying ☆`57` (Security / MCP Security)
- awesome-mcp-security - MCP-Dandan - Desktop security tool for real-time monitoring, threat detection, and control of MCP tool invocations. (🧑🚀 Tools and code)
README
# MCP-Dandan - MCP Security Framework

## Overview
MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management.
Currently, MCP-Dandan is listed in **well-known MCP-related open-source collections** and can be found in the following repositories:
- [Awesome MCP Servers – Security](https://github.com/punkpeye/awesome-mcp-servers?tab=readme-ov-file#security)
- [Awesome MCP Security – Tools & Code](https://github.com/Puliczek/awesome-mcp-security?tab=readme-ov-file#%E2%80%8D-tools-and-code)
https://github.com/user-attachments/assets/928686ab-a5aa-4486-8d8e-d4a9592adc3e
## Features
- **Real-time MCP Traffic Monitoring**: Intercepts and analyzes MCP communications
- **Multi-Engine Threat Detection**:
  - Command Injection Detection
  - File System Exposure Detection
  - PII Leak Detection (custom rules supported)
  - Data Exfiltration Detection
  - Tools Poisoning Detection (LLM-based)
- **Desktop UI**: Electron-based application with interactive dashboard
- **Interactive Tutorial**: Built-in tutorial system for new users
- **Blocking Capabilities**: Real-time threat blocking with user control
- **Cross-Platform**: Supports Windows, macOS, and Linux
## Quick Start
### Installation
```bash
# Clone the repository
git clone https://github.com/82ch/MCP-Dandan.git
cd MCP-Dandan
# Install all dependencies (Python + Node.js)
npm run install-all
```
### Running the Application
```bash
# Start both server and desktop UI
npm run dev
```
The server will start on `http://127.0.0.1:8282` and the Electron desktop app will launch automatically.
## Project Structure

## Detection Engines
### 1. Command Injection Engine
Identifies potential command injection patterns in tool calls.
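The sketch below is an added example, not MCP-Dandan's own code or rule set: it shows one heuristic way a proxy could flag shell-injection patterns in the `arguments` of an MCP `tools/call` JSON-RPC request. The pattern list, the function names and the sample messages are assumptions made for illustration.

```python
import json
import re

# Assumed heuristic patterns (illustrative only, not MCP-Dandan's rules).
PATTERNS = {
    "command_substitution": re.compile(r"\$\(|`"),
    "chained_command": re.compile(r"(?:;|&&|\|\|?)\s*[A-Za-z./]"),
    "redirect_to_path": re.compile(r">\s*[/~.]"),
}

def iter_strings(value, path="arguments"):
    """Yield (path, string) for every string nested in the arguments object."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from iter_strings(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            yield from iter_strings(item, f"{path}[{index}]")

def scan_message(raw):
    """Return findings for one JSON-RPC message; only tools/call is inspected."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        # A proxy should surface traffic it cannot parse instead of passing it silently.
        return [{"tool": None, "path": None, "rule": "unparseable_message"}]
    if not isinstance(msg, dict) or msg.get("method") != "tools/call":
        return []
    params = msg.get("params")
    if not isinstance(params, dict):
        return []
    findings = []
    for path, text in iter_strings(params.get("arguments", {})):
        for rule, pattern in PATTERNS.items():
            if pattern.search(text):
                findings.append({"tool": params.get("name"), "path": path, "rule": rule})
    return findings

# Constructed sample traffic (not captured from a real session).
SAMPLES = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"notes/todo.md"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"run_report","arguments":{"opts":["--fast","out.txt; id"]}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/list"}',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(scan_message(line))
```

Pattern matching of this kind produces false positives on free-text arguments (a pipe character in a Markdown table, for instance), so findings are better treated as review signals with the argument path attached than as automatic verdicts.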
### 2. File System Exposure Engine
Monitors unauthorized file system access attempts.
### 3. PII Leak Engine (custom rules supported)
Detects potential PII leakage with built-in rules and optional user-defined customization.
### 4. Data Exfiltration Engine
Identifies suspicious data transfer patterns.
### 5. Tools Poisoning Engine (LLM-based)
Uses semantic analysis to detect misuse of MCP tools:
- Compares tool specifications vs actual usage
- Scores alignment (0-100) with detailed breakdown
- Auto-categorizes severity: none/low/medium/high
### Engine Setting
https://github.com/user-attachments/assets/3d6f2304-0a6b-492e-9f2d-bba76df98b4c
Enter your `MISTRAL_API_KEY` to enable the Tools Poisoning Engine, and configure detection settings as needed.
## Desktop UI Features
- **Real-time Dashboard**: Monitor MCP traffic and threats in real time
- **Interactive Tutorial**: Learn how to use the system with step-by-step guides
- **Blocking Interface**: Review and control threat blocking actions
- **Settings Panel**: Configure detection engines and system behavior
- **Chat Panel**: Interact with the system and view logs
https://github.com/user-attachments/assets/19bcbdfb-c893-468d-a8a6-1c7b70a1c7b7
> ## Full Documentation
> For detailed explanations and technical documentation, please refer to the
> **[MCP-Dandan Wiki](https://github.com/82ch/MCP-Dandan/wiki)**.
>
> **Have questions or suggestions?**
> Please visit the **[Discussions](https://github.com/82ch/MCP-Dandan/discussions)** tab.