npm - agent-mcp-guard - Versions diffs - 0.1.0 → 0.1.1 - Mend

agent-mcp-guard 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +68 -50
package/SECURITY.md +40 -0
package/docs/business-playbook.md +64 -0
package/docs/roadmap.md +35 -0
package/package.json +13 -2
package/site/assets/brand-mark.svg +6 -0
package/site/assets/readme-hero.svg +42 -0
package/src/cli.js +1 -1

package/README.md CHANGED Viewed

@@ -1,39 +1,26 @@
+<p align="center">
+  <img src="site/assets/readme-hero.svg" alt="mcp-guard scan report hero" width="100%">
+</p>
 # mcp-guard
-Open-source CLI scanner for risky MCP server and AI agent tool configuration.
+Local-first security scanning for MCP and AI agent tool configs.
-`mcp-guard` helps developers review MCP configs before giving AI agents access to files, shells, credentials, SaaS tools, or production systems.
+`mcp-guard` helps teams review what their AI agents can execute before those agents touch local files, shells, credentials, SaaS accounts, or production systems.
-## What It Detects
+Website: [chaoyue0307.github.io/mcp-guard](https://chaoyue0307.github.io/mcp-guard/)
-- Shell wrappers and inline scripts.
-- `node -e`, `python -c`, and other interpreter eval modes.
-- Remote package runners such as `npx`, `uvx`, `bunx`, and `pnpm dlx`.
-- Unpinned MCP server package versions.
-- Secret-like environment variables and headers.
-- Broad filesystem access such as `/`, home, Desktop, Documents, or Downloads.
-- Remote MCP server URLs.
-- Dangerous command patterns such as `rm -rf`, `sudo`, `chmod 777`, and curl pipe to shell.
+<p>
+  <a href="https://www.npmjs.com/package/agent-mcp-guard"><img alt="npm version" src="https://img.shields.io/npm/v/agent-mcp-guard?color=0f766e"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
+  <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.1.1"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
+</p>
 ## Install
-For local development from this repo:
-```bash
-npm install -g .
-```
-After npm publication:
 ```bash
 npm install -g agent-mcp-guard
-```
-## Usage
-Scan common Claude Desktop, Cursor, and project MCP config locations:
-```bash
 mcp-guard scan
 ```
@@ -49,15 +36,43 @@ Generate a Markdown report:
 mcp-guard scan --format markdown --output mcp-guard-report.md
 ```
-Use in CI and fail when high-risk findings are present:
+Use in CI:
 ```bash
 mcp-guard scan --config .mcp.json --fail-on high
 ```
-## Supported Config Shape
+## What It Finds
+| Risk | Why it matters |
+| --- | --- |
+| Shell wrappers and inline scripts | Agent startup can become arbitrary code execution. |
+| `npx`, `uvx`, `bunx`, `pnpm dlx` | Remote package execution expands supply-chain risk. |
+| Unpinned packages | A trusted MCP server can change underneath you. |
+| Secret-like env vars and headers | Long-lived tokens leak into tool runtimes and reports. |
+| Broad filesystem access | Home, root, Desktop, Documents, and Downloads are high-blast-radius paths. |
+| Remote MCP URLs | Data may leave the local trust boundary. |
+| Dangerous command patterns | `rm -rf`, `sudo`, `chmod 777`, and curl-pipe-shell should block review. |
+## Example Output
+```text
+mcp-guard scan report
+Scanned files: 1
+MCP servers: 3
+Findings: 9
+Risk score: 98
+Critical: 2  High: 5  Medium: 2  Low: 0
+- [CRITICAL] MCP010 Shell command executes inline script
+- [HIGH] MCP021 Remote MCP package is not version pinned
+- [HIGH] MCP030 Secret-like environment variable is exposed to MCP server
+- [HIGH] MCP041 MCP server argument grants broad filesystem access
+```
+See the full sample report: [examples/sample-report.md](examples/sample-report.md)
-`mcp-guard` supports the common MCP config shape used by Claude Desktop, Cursor, and many project configs:
+## Supported Config Shape
 ```json
 {
@@ -74,45 +89,48 @@ mcp-guard scan --config .mcp.json --fail-on high
 }
 ```
-It also accepts `servers` as an alternative top-level key.
+`mcp-guard` supports the common `mcpServers` shape used by Claude Desktop, Cursor, and project-level MCP configs. It also accepts `servers` as an alternative top-level key.
-## Example
+## Why Local-First
-```bash
-npm run scan:example
-```
-This scans `examples/unsafe-claude_desktop_config.json` and writes `examples/sample-report.md`.
+MCP configs often contain sensitive local paths, internal hostnames, tokens, and workflow details. `mcp-guard` runs locally by default:
-## Exit Codes
+- no config upload;
+- no external API call;
+- secret-like values redacted in reports;
+- text, Markdown, and JSON output for local review and CI.
-- `0`: scan completed and did not hit the fail threshold.
-- `1`: CLI usage or runtime error.
-- `2`: finding severity met `--fail-on` threshold.
+## Commercial Support
-## Privacy
+Need help reviewing a real AI agent or MCP setup?
-`mcp-guard` is local-first:
+I offer private **AI Agent/MCP Security Audits** covering server inventory, risky startup commands, secret exposure, filesystem scope, remote MCP endpoints, and remediation planning.
-- It does not upload configs.
-- It does not call external APIs.
-- It redacts secret-like values in reports by default.
+Contact: [hechaoyue0307@gmail.com](mailto:hechaoyue0307@gmail.com)
-MCP configs and reports can still contain sensitive paths, hostnames, and configuration details. Review before sharing.
+Service details: [docs/paid-audit.md](docs/paid-audit.md)
 ## Documentation
 - [Rule reference](docs/rules.md)
 - [Privacy and security](docs/privacy-and-security.md)
-- [Paid audit service](docs/paid-audit.md)
+- [Roadmap](docs/roadmap.md)
+- [Business playbook](docs/business-playbook.md)
 - [Launch checklist](docs/launch-checklist.md)
 - [Operator runbook](docs/operator-runbook.md)
-## Commercial Support
+## Exit Codes
-Need a private AI Agent/MCP security audit?
+- `0`: scan completed and did not hit the fail threshold.
+- `1`: CLI usage or runtime error.
+- `2`: finding severity met `--fail-on` threshold.
-The first paid service is a focused review of your MCP and agent tool setup: inventory, risk report, remediation checklist, and a hardening call. See [docs/paid-audit.md](docs/paid-audit.md).
+## Development
+```bash
+npm test
+npm run release:check
+```
 ## License

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,40 @@
+# Security Policy
+## Supported Versions
+`mcp-guard` is early-stage software. Security fixes target the latest npm version.
+## Reporting A Vulnerability
+Please do not open a public issue for a vulnerability that could expose users.
+Email: [hechaoyue0307@gmail.com](mailto:hechaoyue0307@gmail.com)
+Include:
+- affected version;
+- operating system;
+- config sample with secrets removed;
+- reproduction steps;
+- expected and actual behavior;
+- potential impact.
+I will acknowledge valid reports as quickly as practical and coordinate disclosure before publishing details.
+## Scope
+In scope:
+- secret redaction failures;
+- unexpected config upload or network access;
+- incorrect handling of local files;
+- CLI behavior that hides high-risk findings;
+- supply-chain or package publishing issues.
+Out of scope:
+- generic MCP server vulnerabilities unrelated to `mcp-guard`;
+- findings that require already-compromised local admin access;
+- social engineering against maintainers;
+- spam or automated low-signal reports.

package/docs/business-playbook.md ADDED Viewed

@@ -0,0 +1,64 @@
+# Business Playbook
+## Positioning
+`mcp-guard` is the local-first security scanner for teams adopting AI agents and MCP servers.
+The business is not the open-source CLI alone. The CLI creates trust and distribution. Revenue comes from private audits, remediation, and eventually team workflows.
+## First Paid Offer
+AI Agent/MCP Security Audit.
+Deliverables:
+- MCP server inventory;
+- `mcp-guard` scan report;
+- manual review of high-risk findings;
+- prioritized remediation plan;
+- 60-minute hardening call;
+- optional PR with safer config changes.
+## Pricing
+| Customer | Price |
+| --- | ---: |
+| Solo founder / indie team | USD 300-800 |
+| Small startup | USD 1,000-3,000 |
+| Funded team / private deployment pilot | USD 3,000-8,000 |
+## Outreach Copy
+```text
+I built mcp-guard, an open-source local scanner for MCP and AI agent tool configs.
+It checks for risky shell access, unpinned npx packages, broad filesystem permissions, exposed secrets, and remote MCP servers.
+I am doing a few early MCP security audits for teams using Claude, Cursor, Codex, or MCP in real workflows. If you send a redacted config or run the CLI locally, I can help interpret the report and suggest hardening steps.
+```
+## First 20 Targets
+- MCP server authors.
+- AI automation agencies.
+- Devtool startups using MCP.
+- Teams publishing agent demos with real tool access.
+- Founders discussing Cursor, Claude Code, Codex, or MCP on GitHub, X, LinkedIn, Hacker News, or Discord.
+## Validation Signals
+Strong:
+- user shares real redacted config;
+- user asks for CI integration;
+- user asks whether a finding is exploitable;
+- user pays for remediation;
+- team asks for monthly scanning.
+Weak:
+- stars without config samples;
+- vague security interest;
+- requests for a full dashboard before any audit;
+- only free users with toy configs.

package/docs/roadmap.md ADDED Viewed

@@ -0,0 +1,35 @@
+# Product Roadmap
+`mcp-guard` should stay narrow: local-first MCP and AI agent tool security that produces actionable reports.
+## Now
+- CLI config scanning.
+- Text, Markdown, and redacted JSON output.
+- Rules for shell wrappers, remote package runners, unpinned packages, broad filesystem access, secret-like env vars/headers, and remote MCP URLs.
+- CI usage with `--fail-on`.
+## Next
+1. GitHub Action wrapper.
+2. HTML audit report.
+3. More MCP client discovery paths.
+4. Rule packs mapped to MCP security best practices.
+5. `mcp-guard audit` mode for client-ready reports.
+## Later
+1. Policy file: approved commands, packages, directories, and remote URLs.
+2. Baseline mode: accept known findings and fail only on new risks.
+3. SBOM/package metadata checks for MCP server packages.
+4. Local web report viewer.
+5. Hosted team dashboard only after repeated paid audit demand.
+## Product Principles
+- Local-first by default.
+- Findings must include a fix.
+- Avoid noisy rules that do not change behavior.
+- Prefer workflow integration over dashboards.
+- Services first, SaaS later.

package/package.json CHANGED Viewed

@@ -1,8 +1,16 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
+  "homepage": "https://chaoyue0307.github.io/mcp-guard/",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ChaoYue0307/mcp-guard.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ChaoYue0307/mcp-guard/issues"
+  },
   "bin": {
     "mcp-guard": "bin/mcp-guard.js"
   },
@@ -33,7 +41,10 @@
     "src",
     "README.md",
     "LICENSE",
+    "SECURITY.md",
     "docs",
-    "examples"
+    "examples",
+    "site/assets/readme-hero.svg",
+    "site/assets/brand-mark.svg"
   ]
 }

package/site/assets/brand-mark.svg ADDED Viewed

@@ -0,0 +1,6 @@
+<svg width="96" height="96" viewBox="0 0 96 96" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="mcp-guard mark">
+  <rect width="96" height="96" rx="22" fill="#101312"/>
+  <path d="M29 48l19-24 19 24-19 24-19-24z" fill="#2dd4bf"/>
+  <path d="M52 23l28 25-28 25" stroke="#f8fafc" stroke-width="10" stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

package/site/assets/readme-hero.svg ADDED Viewed

@@ -0,0 +1,42 @@
+<svg width="1200" height="420" viewBox="0 0 1200 420" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-labelledby="title desc">
+  <title id="title">mcp-guard scan report</title>
+  <desc id="desc">A dark product hero showing an MCP security scan report with critical, high, medium, and low findings.</desc>
+  <rect width="1200" height="420" rx="28" fill="#101312"/>
+  <path d="M0 0h1200v420H0z" fill="url(#grid)" opacity=".22"/>
+  <path d="M925 0h275v150L1015 94 925 132V0z" fill="#0f766e" opacity=".2"/>
+  <path d="M0 282l202 64 144-42v116H0V282z" fill="#7c2d12" opacity=".18"/>
+  <rect x="70" y="66" width="440" height="288" rx="22" fill="#f8fafc"/>
+  <rect x="96" y="94" width="78" height="78" rx="18" fill="#101312"/>
+  <path d="M121 133l15-19 15 19-15 19-15-19z" fill="#2dd4bf"/>
+  <path d="M139 112l23 21-23 21" stroke="#f8fafc" stroke-width="8" stroke-linecap="round" stroke-linejoin="round"/>
+  <text x="198" y="122" fill="#101312" font-family="Inter, Arial, sans-serif" font-size="34" font-weight="800">mcp-guard</text>
+  <text x="198" y="154" fill="#475569" font-family="Inter, Arial, sans-serif" font-size="18">Local-first MCP config security scanner</text>
+  <rect x="96" y="196" width="360" height="16" rx="8" fill="#dbeafe"/>
+  <rect x="96" y="226" width="270" height="16" rx="8" fill="#ccfbf1"/>
+  <rect x="96" y="256" width="322" height="16" rx="8" fill="#ffedd5"/>
+  <rect x="96" y="296" width="152" height="40" rx="20" fill="#0f766e"/>
+  <text x="125" y="322" fill="#fff" font-family="Inter, Arial, sans-serif" font-size="16" font-weight="700">npm install</text>
+  <rect x="546" y="44" width="584" height="332" rx="24" fill="#0b0f0e" stroke="#33413d"/>
+  <rect x="546" y="44" width="584" height="54" rx="24" fill="#161d1b"/>
+  <circle cx="576" cy="71" r="6" fill="#ef4444"/>
+  <circle cx="598" cy="71" r="6" fill="#f59e0b"/>
+  <circle cx="620" cy="71" r="6" fill="#10b981"/>
+  <text x="652" y="77" fill="#94a3b8" font-family="Menlo, Consolas, monospace" font-size="14">mcp-guard scan --fail-on high</text>
+  <text x="586" y="134" fill="#e2e8f0" font-family="Menlo, Consolas, monospace" font-size="20" font-weight="700">scan report</text>
+  <text x="586" y="172" fill="#94a3b8" font-family="Menlo, Consolas, monospace" font-size="15">MCP servers: 3    Findings: 9    Risk score: 98</text>
+  <rect x="586" y="204" width="138" height="38" rx="12" fill="#7f1d1d"/>
+  <text x="610" y="229" fill="#fecaca" font-family="Inter, Arial, sans-serif" font-size="14" font-weight="800">2 critical</text>
+  <rect x="742" y="204" width="112" height="38" rx="12" fill="#7c2d12"/>
+  <text x="767" y="229" fill="#fed7aa" font-family="Inter, Arial, sans-serif" font-size="14" font-weight="800">5 high</text>
+  <rect x="872" y="204" width="124" height="38" rx="12" fill="#713f12"/>
+  <text x="897" y="229" fill="#fde68a" font-family="Inter, Arial, sans-serif" font-size="14" font-weight="800">2 medium</text>
+  <rect x="586" y="272" width="482" height="1" fill="#33413d"/>
+  <text x="586" y="306" fill="#fca5a5" font-family="Menlo, Consolas, monospace" font-size="15">MCP010 shell command executes inline script</text>
+  <text x="586" y="334" fill="#fdba74" font-family="Menlo, Consolas, monospace" font-size="15">MCP030 secret-like env var exposed</text>
+  <text x="586" y="362" fill="#fef3c7" font-family="Menlo, Consolas, monospace" font-size="15">MCP041 broad filesystem access</text>
+  <defs>
+    <pattern id="grid" width="38" height="38" patternUnits="userSpaceOnUse">
+      <path d="M38 0H0v38" stroke="#f8fafc" stroke-width="1"/>
+    </pattern>
+  </defs>
+</svg>

package/src/cli.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { scan } from "./scan.js";
 import { generateJsonReport, generateMarkdownReport, generateTextReport } from "./report.js";
 import { compareSeverity, severityRank } from "./severity.js";
-const VERSION = "0.1.0";
+const VERSION = "0.1.1";
 export async function runCli(argv, io) {
   const args = argv.slice(2);