Mcp Safeguard

Name: Mcp Safeguard
Author: com.cognivators

Scan third-party MCP servers for prompt injection, leaked secrets, SSRF, and tool poisoning before you wire them into Claude Code or Cursor.

Overview

com.cognivators/mcp-safeguard is a MCP server for the Ship phase that scans other MCP servers for prompt injection, credential leaks, SSRF, and tool poisoning.

What is this MCP server?

Detects prompt-injection patterns in MCP tool descriptions and server metadata
Flags credential leaks and unsafe secret handling in server configs
Surfaces SSRF-style risky endpoints exposed through tools
Identifies tool-poisoning and ambiguous or over-privileged tool definitions
Runs as stdio MCP via PyPI package mcp-safeguard (v0.3.2)
Server version 0.3.2 on PyPI (stdio)
Covers 4 advertised threat classes: prompt injection, credential leaks, SSRF, tool poisoning

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Installing unknown MCP servers can silently expose your agent to hijacked prompts, stolen API keys, and dangerous outbound requests.

Who is it for?

Indie builders curating a personal MCP stack who want a quick guardrail before enabling write tools or production credentials.

Skip if: Teams that only use first-party MCP from Anthropic with no third-party servers, or who already run full SOC2-grade supply-chain review.

What do I get? / Deliverables

You get a structured security pass on candidate MCP servers before registering them in Claude Code, Cursor, or Codex.

Security findings across injection, secrets, SSRF, and tool-poisoning categories
Go/no-go signal before registering risky MCP servers
Repeatable pre-ship checklist for MCP stack changes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security review belongs in Ship once you are adding external MCP tools to an agent workflow, not during initial ideation. This server is a dedicated security gate for MCP integrations—same shelf as other pre-launch hardening checks.

How it compares

MCP-specific security scanner, not a general application SAST or secrets manager.

Common Questions / FAQ

Who is com.cognivators/mcp-safeguard for?

Solo and small-team builders who install community MCP servers and need a fast check for injection, leaks, SSRF, and poisoned tools before go-live.

When should I use com.cognivators/mcp-safeguard?

During Ship security review whenever you add or update a third-party MCP server in your agent config, especially before production API keys are reachable.

How do I add com.cognivators/mcp-safeguard to my agent?

Install the PyPI package mcp-safeguard (0.3.2), register it as a stdio MCP server in your client’s mcp.json, and run scans against servers you are evaluating.

Mcp Safeguard

Scan third-party MCP servers for prompt injection, leaked secrets, SSRF, and tool poisoning before you wire them into Claude Code or Cursor.

Overview

com.cognivators/mcp-safeguard is a MCP server for the Ship phase that scans other MCP servers for prompt injection, credential leaks, SSRF, and tool poisoning.

What is this MCP server?

Detects prompt-injection patterns in MCP tool descriptions and server metadata
Flags credential leaks and unsafe secret handling in server configs
Surfaces SSRF-style risky endpoints exposed through tools
Identifies tool-poisoning and ambiguous or over-privileged tool definitions
Runs as stdio MCP via PyPI package mcp-safeguard (v0.3.2)
Server version 0.3.2 on PyPI (stdio)
Covers 4 advertised threat classes: prompt injection, credential leaks, SSRF, tool poisoning

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Installing unknown MCP servers can silently expose your agent to hijacked prompts, stolen API keys, and dangerous outbound requests.

Who is it for?

Indie builders curating a personal MCP stack who want a quick guardrail before enabling write tools or production credentials.

Skip if: Teams that only use first-party MCP from Anthropic with no third-party servers, or who already run full SOC2-grade supply-chain review.

What do I get? / Deliverables

You get a structured security pass on candidate MCP servers before registering them in Claude Code, Cursor, or Codex.

Security findings across injection, secrets, SSRF, and tool-poisoning categories
Go/no-go signal before registering risky MCP servers
Repeatable pre-ship checklist for MCP stack changes

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP-specific security scanner, not a general application SAST or secrets manager.

Common Questions / FAQ

Who is com.cognivators/mcp-safeguard for?

Solo and small-team builders who install community MCP servers and need a fast check for injection, leaks, SSRF, and poisoned tools before go-live.

When should I use com.cognivators/mcp-safeguard?

During Ship security review whenever you add or update a third-party MCP server in your agent config, especially before production API keys are reachable.

How do I add com.cognivators/mcp-safeguard to my agent?

Install the PyPI package mcp-safeguard (0.3.2), register it as a stdio MCP server in your client’s mcp.json, and run scans against servers you are evaluating.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is com.cognivators/mcp-safeguard for?

When should I use com.cognivators/mcp-safeguard?

How do I add com.cognivators/mcp-safeguard to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is com.cognivators/mcp-safeguard for?

When should I use com.cognivators/mcp-safeguard?

How do I add com.cognivators/mcp-safeguard to my agent?