
ScopeBlind protect-mcp

MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi...
tomjwxf · Source
Uncategorized · clawhub · v1.0.0 · 1 version · 100000 · Key: not required
Stars: 0 · Downloads: 424 · Installs: 0 · Versions: 1 · #latest

Overview

protect-mcp — MCP Security Gateway

What This Skill Does

Wraps any MCP server as a transparent stdio proxy with per-tool security policies and cryptographic audit trail. Every tool call decision is logged and optionally Ed25519-signed.

Quick Start

# Shadow mode — log everything, block nothing
npx protect-mcp -- node your-server.js

# Enforce mode — apply per-tool policies
npx protect-mcp --policy policy.json --enforce -- node your-server.js

# Initialize signing (generates Ed25519 keypair)
npx protect-mcp init

Policy Example

{
  "tools": {
    "db_write": { "decision": "deny" },
    "file_read": { "decision": "allow", "rateLimit": { "maxCalls": 30, "windowSecs": 60 } },
    "deploy": { "decision": "require_approval" }
  }
}
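
How a policy of this shape can be evaluated in shadow and enforce mode, as an added example that is not protect-mcp's own code. The `createGate` helper, the sliding-window rate limit, and the fail-closed handling of tools missing from the policy are assumptions made for illustration.

```javascript
// Added illustration, not protect-mcp source. Evaluation semantics are assumptions.
const policy = {
  tools: {
    db_write: { decision: "deny" },
    file_read: { decision: "allow", rateLimit: { maxCalls: 30, windowSecs: 60 } },
    deploy: { decision: "require_approval" },
  },
};

// Hypothetical evaluator. Assumed: sliding-window rate limit; tools absent
// from the policy are denied (fail closed).
function createGate(policy, { enforce = false } = {}) {
  const calls = new Map(); // tool name -> timestamps (ms) of allowed calls

  return function decide(tool, nowMs = Date.now()) {
    // Own-property lookup so names like "constructor" never match a rule.
    const rule = Object.hasOwn(policy.tools, tool) ? policy.tools[tool] : null;
    let decision = rule ? rule.decision : "deny";
    let reason = rule ? "policy" : "tool_not_in_policy";

    if (rule && decision === "allow" && rule.rateLimit) {
      const { maxCalls, windowSecs } = rule.rateLimit;
      const cutoff = nowMs - windowSecs * 1000;
      const recent = (calls.get(tool) || []).filter((t) => t > cutoff);
      if (recent.length >= maxCalls) {
        decision = "deny";
        reason = "rate_limited";
      } else {
        recent.push(nowMs);
      }
      calls.set(tool, recent);
    }

    // Shadow mode records the decision but forwards every call. In enforce
    // mode only "allow" is forwarded; "require_approval" is held for a human.
    const forwarded = enforce ? decision === "allow" : true;
    return { tool, decision, reason, forwarded };
  };
}

// Constructed calls: enforce blocks db_write, shadow mode only logs it.
console.log(createGate(policy, { enforce: true })("db_write"));
console.log(createGate(policy)("db_write"));
```

Running the same traffic through a shadow-mode gate first shows which rules would fire before any call is actually blocked.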

Pre-built Policy Packs

protect-mcp ships CVE-anchored policy packs:

# List available policies
npx protect-mcp policies

# Apply the Clinejection prevention policy
npx protect-mcp --policy clinejection --enforce -- node your-server.js

Verify Receipts

Receipts are independently verifiable offline — no ScopeBlind dependency:

npx @veritasacta/verify receipt.json
npx @veritasacta/verify --self-test

OWASP MCP Top 10 Coverage

Risk | Control
--- | ---
MCP-01 Rug Pulls | Signed tool manifests; policy pins allowed tools
MCP-03 Tool Poisoning | Per-tool allow/deny/rate-limit policies
MCP-04 Tool Arg Injection | Argument inspection + approval gates
MCP-07 Auth/AuthZ | Trust-tier gating
MCP-08 Logging & Audit | Ed25519-signed receipts — verifiable offline
MCP-09 Excessive Agency | Shadow mode reveals actual tool usage

Links

  • npm: https://npmjs.com/package/protect-mcp
  • IETF Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/
  • Docs: https://scopeblind.com/docs/protect-mcp
  • OWASP Mapping: https://scopeblind.com/docs/owasp

Version History

1 version in total

  • v1.0.0 (current)
    2026-05-03 08:35 Safe Safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
