MCP Fortress

Scan MCP servers you want to install for vulnerabilities, prompt injection, and tool-poisoning before they touch your agent config.

Overview

MCP Fortress is an MCP server for the Ship phase that scans other MCP servers for vulnerabilities, prompt injection, and tool poisoning.

What is this MCP server?

MCP-focused security scanner callable from compatible agents
Detection themes include vulnerabilities, prompt injection, and tool poisoning
Remote streamable-http endpoint on Smithery for hosted access
Version 0.3.6 in official MCP server registry metadata
Complements manual MCP server.json review before stdio or remote install
Registry version 0.3.6
Published streamable-http remote on server.smithery.ai
Scanner scope: vulnerabilities, prompt injection, and tool poisoning per description

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You are about to trust a community MCP server with your agent, but you lack a fast way to assess MCP-specific injection and tool-abuse risks.

Who is it for?

Solo builders curating MCP servers from Smithery, GitHub, or npm who want a security pass aligned to agent toolchains.

Skip if: Replacing full application pentests, dependency SBOM programs, or org-wide GRC—scope is MCP server assessment.

What do I get? / Deliverables

After registration, you can run MCP Fortress against candidate servers and use its findings to block, harden, or sandbox installs before agents get new tools.

Security-oriented assessment output for the target MCP server
Signal on injection and tool-poisoning style risks called out in registry description
Evidence to support allowlist or deny decisions in agent config

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Adopting new MCP endpoints is a Ship-time security decision—same phase where you review dependencies and exposure before production agent workflows. Security subphase covers assessing untrusted tooling; MCP Fortress targets MCP-specific abuse classes rather than general SAST.

How it compares

MCP supply-chain scanner, not a general code linter or WAF product.

Common Questions / FAQ

Who is MCP Fortress for?

Indie developers and small teams adopting multiple MCP servers who need injection and tool-poisoning checks without standing up a full AppSec program.

When should I use MCP Fortress?

Use it in Ship security before adding a new remote or stdio MCP server, after upgrading server versions, or when evaluating Smithery-published endpoints.

How do I add MCP Fortress to my agent?

Add the streamable-http remote https://server.smithery.ai/@mcp-fortress/mcp-fortress-server/mcp in your MCP client remote config, or follow the project repo for alternate run modes.

MCP Fortress

Scan MCP servers you want to install for vulnerabilities, prompt injection, and tool-poisoning before they touch your agent config.

Overview

MCP Fortress is an MCP server for the Ship phase that scans other MCP servers for vulnerabilities, prompt injection, and tool poisoning.

What is this MCP server?

MCP-focused security scanner callable from compatible agents
Detection themes include vulnerabilities, prompt injection, and tool poisoning
Remote streamable-http endpoint on Smithery for hosted access
Version 0.3.6 in official MCP server registry metadata
Complements manual MCP server.json review before stdio or remote install
Registry version 0.3.6
Published streamable-http remote on server.smithery.ai
Scanner scope: vulnerabilities, prompt injection, and tool poisoning per description

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You are about to trust a community MCP server with your agent, but you lack a fast way to assess MCP-specific injection and tool-abuse risks.

Who is it for?

Solo builders curating MCP servers from Smithery, GitHub, or npm who want a security pass aligned to agent toolchains.

Skip if: Replacing full application pentests, dependency SBOM programs, or org-wide GRC—scope is MCP server assessment.

What do I get? / Deliverables

After registration, you can run MCP Fortress against candidate servers and use its findings to block, harden, or sandbox installs before agents get new tools.

Security-oriented assessment output for the target MCP server
Signal on injection and tool-poisoning style risks called out in registry description
Evidence to support allowlist or deny decisions in agent config

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP supply-chain scanner, not a general code linter or WAF product.

Common Questions / FAQ

Who is MCP Fortress for?

Indie developers and small teams adopting multiple MCP servers who need injection and tool-poisoning checks without standing up a full AppSec program.

When should I use MCP Fortress?

Use it in Ship security before adding a new remote or stdio MCP server, after upgrading server versions, or when evaluating Smithery-published endpoints.

How do I add MCP Fortress to my agent?

Add the streamable-http remote https://server.smithery.ai/@mcp-fortress/mcp-fortress-server/mcp in your MCP client remote config, or follow the project repo for alternate run modes.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is MCP Fortress for?

When should I use MCP Fortress?

How do I add MCP Fortress to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is MCP Fortress for?

When should I use MCP Fortress?

How do I add MCP Fortress to my agent?