Mcpwall

Name: Mcpwall
Author: behrensd

behrensd/mcp-firewall

Put a policy firewall in front of your MCP tool graph so agents cannot run blocked calls or leak secrets unnoticed.

Overview

mcpwall is a MCP server for the Ship phase that blocks risky tool calls, scans for secrets, and logs MCP traffic like a firewall for agents.

What is this MCP server?

Blocks dangerous MCP tool calls with iptables-style rules
Scans outbound tool payloads and responses for secret patterns
Logs every tool invocation for later review and incident triage
Stdio npm package (mcpwall v0.1.2) for Claude Code, Cursor, and other MCP clients
Sits inline between the host and downstream MCP servers without replacing them
Server version 0.1.2 on npm identifier mcpwall
Transport: stdio
Repository: github.com/behrensd/mcp-firewall

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 3 GitHub stars.

What problem does it solve?

One compromised or over-permissive MCP tool can let an agent run destructive commands or leak API keys with no central policy layer.

Who is it for?

Indie builders running multiple MCP servers against real repos, cloud accounts, or customer data who need deny rules and logging before going live.

Skip if: Single-tool local experiments with no secrets and no need for centralized MCP policy or audit trails.

What do I get? / Deliverables

After registration, tool calls pass through enforced rules, secret scanning, and audit logs so you can ship MCP stacks with clearer guardrails.

Policy-gated MCP tool execution path
Secret-scanning pass over MCP traffic
Persistent logs of tool calls for security review

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Canonical shelf is Ship because the primary value is gating risky agent actions before they reach real systems. Security subphase matches call blocking, secret scanning, and audit logging as launch-prep hardening for MCP-heavy workflows.

How it compares

Inline MCP security gateway, not a replacement skill for code review or static appsec scanning.

Common Questions / FAQ

Who is Mcpwall for?

Solo and small-team builders who connect several MCP servers to Claude Code, Cursor, or Codex and want firewall-style control over which tool calls are allowed.

When should I use Mcpwall?

Use it during Ship and Operate when you are hardening agent workflows, blocking dangerous tools, scanning for secrets, and keeping logs of what MCP executed.

How do I add Mcpwall to my agent?

Install the npm package Mcpwall (v0.1.2), register it as a stdio MCP server in your client config, and place it upstream of the MCP servers you want to protect per the mcp-firewall repo instructions.

Mcpwall

behrensd/mcp-firewall

Put a policy firewall in front of your MCP tool graph so agents cannot run blocked calls or leak secrets unnoticed.

Overview

mcpwall is a MCP server for the Ship phase that blocks risky tool calls, scans for secrets, and logs MCP traffic like a firewall for agents.

What is this MCP server?

Blocks dangerous MCP tool calls with iptables-style rules
Scans outbound tool payloads and responses for secret patterns
Logs every tool invocation for later review and incident triage
Stdio npm package (mcpwall v0.1.2) for Claude Code, Cursor, and other MCP clients
Sits inline between the host and downstream MCP servers without replacing them
Server version 0.1.2 on npm identifier mcpwall
Transport: stdio
Repository: github.com/behrensd/mcp-firewall

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 3 GitHub stars.

What problem does it solve?

One compromised or over-permissive MCP tool can let an agent run destructive commands or leak API keys with no central policy layer.

Who is it for?

Indie builders running multiple MCP servers against real repos, cloud accounts, or customer data who need deny rules and logging before going live.

Skip if: Single-tool local experiments with no secrets and no need for centralized MCP policy or audit trails.

What do I get? / Deliverables

After registration, tool calls pass through enforced rules, secret scanning, and audit logs so you can ship MCP stacks with clearer guardrails.

Policy-gated MCP tool execution path
Secret-scanning pass over MCP traffic
Persistent logs of tool calls for security review

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Inline MCP security gateway, not a replacement skill for code review or static appsec scanning.

Common Questions / FAQ

Who is Mcpwall for?

Solo and small-team builders who connect several MCP servers to Claude Code, Cursor, or Codex and want firewall-style control over which tool calls are allowed.

When should I use Mcpwall?

Use it during Ship and Operate when you are hardening agent workflows, blocking dangerous tools, scanning for secrets, and keeping logs of what MCP executed.

How do I add Mcpwall to my agent?

Install the npm package Mcpwall (v0.1.2), register it as a stdio MCP server in your client config, and place it upstream of the MCP servers you want to protect per the mcp-firewall repo instructions.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Mcpwall for?

When should I use Mcpwall?

How do I add Mcpwall to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Mcpwall for?

When should I use Mcpwall?

How do I add Mcpwall to my agent?