Shadowgate Mcp

Name: Shadowgate Mcp
Author: josephibra

josephibra/shadowgate-mcp

Scan MCP tool calls for prompt injection, leaked secrets, and risky patterns before agents touch production integrations.

Overview

io.github.josephibra/shadowgate-mcp is an MCP server for the Ship phase that firewalls agent MCP calls by scanning for injection, secrets, and security risks.

What is this MCP server?

Firewall layer over MCP requests and responses
Detection focus: injection, secrets exposure, risky content
Hosted streamable-http remote at shadowgate-mcp.mcp.xpay.sh
Version 1.0.0 from josephibra/shadowgate-mcp
Complements agent tooling rather than replacing secure coding
Server version 1.0.0
1 published streamable-http remote endpoint
GitHub repository josephibra/shadowgate-mcp

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Every new MCP server increases the chance agents execute injected instructions or exfiltrate secrets through tool I/O.

Who is it for?

Indie builders running multiple MCP integrations who want an explicit security scan on agent tool traffic before launch.

Skip if: Teams without MCP in production, or organizations that need on-prem only with no hosted security remote.

What do I get? / Deliverables

Risky MCP traffic gets flagged or blocked so you can ship agent features with a dedicated security gate in the loop.

Scanned MCP call pipeline with risk signals on injection and secrets
Clearer go/no-go before enabling new tools in production
Documented security gate in your agent launch checklist

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security hardening belongs in Ship when you are about to rely on MCP in real workflows, not only during first integration spikes. An MCP-call firewall is application-security guardrails for agent runtimes—aligned with the security subphase.

How it compares

MCP traffic firewall, not a full SAST suite or generic code-review skill.

Common Questions / FAQ

Who is io.github.josephibra/shadowgate-mcp for?

Solo builders and small teams shipping Claude Code or Cursor workflows with several MCP servers who want injection and secret scanning on tool calls.

When should I use io.github.josephibra/shadowgate-mcp?

Use it in Ship security when agent MCP usage is real, integrations are multiplying, and you need a policy layer before users or production data are exposed.

How do I add io.github.josephibra/shadowgate-mcp to my agent?

Register the remote MCP URL https://shadowgate-mcp.mcp.xpay.sh/mcp as streamable-http in your agent, place it according to your vendor’s firewall or proxy pattern, and test with benign and adversarial MCP payloads.

Shadowgate Mcp

josephibra/shadowgate-mcp

Scan MCP tool calls for prompt injection, leaked secrets, and risky patterns before agents touch production integrations.

Overview

io.github.josephibra/shadowgate-mcp is an MCP server for the Ship phase that firewalls agent MCP calls by scanning for injection, secrets, and security risks.

What is this MCP server?

Firewall layer over MCP requests and responses
Detection focus: injection, secrets exposure, risky content
Hosted streamable-http remote at shadowgate-mcp.mcp.xpay.sh
Version 1.0.0 from josephibra/shadowgate-mcp
Complements agent tooling rather than replacing secure coding
Server version 1.0.0
1 published streamable-http remote endpoint
GitHub repository josephibra/shadowgate-mcp

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Every new MCP server increases the chance agents execute injected instructions or exfiltrate secrets through tool I/O.

Who is it for?

Indie builders running multiple MCP integrations who want an explicit security scan on agent tool traffic before launch.

Skip if: Teams without MCP in production, or organizations that need on-prem only with no hosted security remote.

What do I get? / Deliverables

Risky MCP traffic gets flagged or blocked so you can ship agent features with a dedicated security gate in the loop.

Scanned MCP call pipeline with risk signals on injection and secrets
Clearer go/no-go before enabling new tools in production
Documented security gate in your agent launch checklist

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP traffic firewall, not a full SAST suite or generic code-review skill.

Common Questions / FAQ

Who is io.github.josephibra/shadowgate-mcp for?

Solo builders and small teams shipping Claude Code or Cursor workflows with several MCP servers who want injection and secret scanning on tool calls.

When should I use io.github.josephibra/shadowgate-mcp?

Use it in Ship security when agent MCP usage is real, integrations are multiplying, and you need a policy layer before users or production data are exposed.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.josephibra/shadowgate-mcp for?

When should I use io.github.josephibra/shadowgate-mcp?

How do I add io.github.josephibra/shadowgate-mcp to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is io.github.josephibra/shadowgate-mcp for?

When should I use io.github.josephibra/shadowgate-mcp?

How do I add io.github.josephibra/shadowgate-mcp to my agent?