A proxy layer that sits between Claude and any MCP server to scan tool calls before they execute. It runs behavioral profiling on every tool (effect class, destructiveness, retry safety), checks arguments for 20+ injection patterns including SSRF and path traversal, scans outputs for prompt injection attempts, and gates risky calls with alternatives. The security audit mode pulls source from GitHub and runs entropy scanning, AST taint analysis, and Bandit checks without making live calls. Integrates with Cisco AI Defense, Snyk, Kali Linux MCP for network recon, and Burp Suite MCP for HTTP probing. Tracks drift by hashing server source on first scan and alerts on schema or implementation changes. Useful when wrapping third-party servers or hardening your own tools against composition attacks and credential leakage.
claude mcp add --transport stdio gautamvarmadatla-mcpsafetywarden uvx mcpsafetywarden