Mund

Name: Mund
Author: Tyox-all

Tyox-all/Weave_Protocol

Scan agent prompts, tool outputs, and code paths for secrets, PII, prompt injection, and data exfiltration before you ship AI features.

Overview

mund is an MCP server for the Ship phase that scans AI-related content for secrets, PII, prompt injection, and exfiltration risks.

What is this MCP server?

Detect secrets, PII, prompt injection, and exfiltration patterns in AI pipelines
Configurable MUND_SEVERITY_THRESHOLD (low, medium, high, critical)
MUND_LOG_LEVEL for debug through error verbosity
npm package @weave_protocol/mund v0.1.9 with stdio transport
Part of Weave Protocol; MCP tool, not a markdown skill
Server version 0.1.9
4 detection themes documented (secrets, PII, prompt injection, exfiltration)
2 optional environment variables (MUND_SEVERITY_THRESHOLD, MUND_LOG_LEVEL)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Agent apps silently leak API keys, ingest jailbreaks, or forward sensitive data because nothing screens tool I/O at dev time.

Who is it for?

Solo builders shipping LLM agents or RAG apps who want in-IDE guardrails without building a custom safety layer first.

Skip if: Teams needing full SOC2 pen tests, binary SAST, or compliance sign-off from a certified scanner alone.

What do I get? / Deliverables

You get severity-ranked findings in the agent session so you can block or fix risky prompts and outputs before launch.

Security findings ranked by configured severity threshold
Coverage for secrets, PII, injection, and exfiltration patterns
Debuggable scan logs via MUND_LOG_LEVEL

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security scanning belongs in Ship when hardening AI workflows and catching leakage before production. mund is a dedicated scanner for AI-specific threats, not general unit tests—canonical on the security subphase.

How it compares

AI-focused MCP security scanner, not a generic dependency audit or WAF replacement.

Common Questions / FAQ

Who is mund for?

Developers building AI agents with MCP who need quick checks for secrets, PII, injection, and exfiltration during ship and hardening.

When should I use mund?

Use it when reviewing prompts, retrieved docs, or generated code before release, or when debugging suspicious agent behavior.

How do I add mund to my agent?

Install @weave_protocol/mund from npm, optionally set MUND_SEVERITY_THRESHOLD and MUND_LOG_LEVEL, and register the stdio MCP server in your client config.

Mund

Tyox-all/Weave_Protocol

Scan agent prompts, tool outputs, and code paths for secrets, PII, prompt injection, and data exfiltration before you ship AI features.

Overview

mund is an MCP server for the Ship phase that scans AI-related content for secrets, PII, prompt injection, and exfiltration risks.

What is this MCP server?

Detect secrets, PII, prompt injection, and exfiltration patterns in AI pipelines
Configurable MUND_SEVERITY_THRESHOLD (low, medium, high, critical)
MUND_LOG_LEVEL for debug through error verbosity
npm package @weave_protocol/mund v0.1.9 with stdio transport
Part of Weave Protocol; MCP tool, not a markdown skill
Server version 0.1.9
4 detection themes documented (secrets, PII, prompt injection, exfiltration)
2 optional environment variables (MUND_SEVERITY_THRESHOLD, MUND_LOG_LEVEL)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Agent apps silently leak API keys, ingest jailbreaks, or forward sensitive data because nothing screens tool I/O at dev time.

Who is it for?

Solo builders shipping LLM agents or RAG apps who want in-IDE guardrails without building a custom safety layer first.

Skip if: Teams needing full SOC2 pen tests, binary SAST, or compliance sign-off from a certified scanner alone.

What do I get? / Deliverables

You get severity-ranked findings in the agent session so you can block or fix risky prompts and outputs before launch.

Security findings ranked by configured severity threshold
Coverage for secrets, PII, injection, and exfiltration patterns
Debuggable scan logs via MUND_LOG_LEVEL

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

AI-focused MCP security scanner, not a generic dependency audit or WAF replacement.

Common Questions / FAQ

Who is mund for?

Developers building AI agents with MCP who need quick checks for secrets, PII, injection, and exfiltration during ship and hardening.

When should I use mund?

Use it when reviewing prompts, retrieved docs, or generated code before release, or when debugging suspicious agent behavior.

How do I add mund to my agent?

Install @weave_protocol/mund from npm, optionally set MUND_SEVERITY_THRESHOLD and MUND_LOG_LEVEL, and register the stdio MCP server in your client config.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mund for?

When should I use mund?

How do I add mund to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mund for?

When should I use mund?

How do I add mund to my agent?