# protect-mcp — MCP Security Gateway

## What This Skill Does

Wraps any MCP server as a transparent stdio proxy with per-tool security policies and a cryptographic audit trail. Every tool call decision is logged and optionally Ed25519-signed.
## Quick Start

```bash
# Shadow mode: log every call, block nothing
npx protect-mcp -- node your-server.js

# Enforce mode: apply per-tool policies
npx protect-mcp --policy policy.json --enforce -- node your-server.js

# Initialise signing (generates an Ed25519 keypair)
npx protect-mcp init
```
## Policy Example

```json
{
  "tools": {
    "db_write": { "decision": "deny" },
    "file_read": { "decision": "allow", "rateLimit": { "maxCalls": 30, "windowSecs": 60 } },
    "deploy": { "decision": "require_approval" }
  }
}
```
## Pre-built Policy Packs

protect-mcp ships CVE-anchored policy packs:

```bash
# List available policy packs
npx protect-mcp policies

# Apply the Clinejection defense pack
npx protect-mcp --policy clinejection --enforce -- node your-server.js
```
## Verify Receipts

Receipts are independently verifiable offline — no ScopeBlind dependency:

```bash
npx @veritasacta/verify receipt.json
npx @veritasacta/verify --self-test
```
## OWASP MCP Top 10 Coverage

| Risk | Control |
|---|---|
| MCP-01 Rug Pulls | Signed tool manifests; policy pins allowed tools |
| MCP-03 Tool Poisoning | Per-tool allow/deny/rate-limit policies |
| MCP-04 Tool Arg Injection | Argument inspection + approval gates |
| MCP-07 Auth/AuthZ | Trust-tier gating |
| MCP-08 Logging & Audit | Ed25519-signed receipts — verifiable offline |
| MCP-09 Excessive Agency | Shadow mode reveals actual tool usage |
## Links

- npm: https://npmjs.com/package/protect-mcp
- IETF Draft: https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/
- Docs: https://scopeblind.com/docs/protect-mcp
- OWASP Mapping: https://scopeblind.com/docs/owasp