decoy-mcp 0.4.2 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +7 -7
  2. package/package.json +2 -2
package/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  # Decoy
2
2
 
3
- Security tripwires for AI agents. Detect prompt injection before it causes damage.
3
+ Security tripwires for AI agents. Detect prompt injection in real time.
4
4
 
5
- Decoy is a fake MCP server that advertises tools an AI agent should never call — `execute_command`, `read_file`, `make_payment`, and more. In normal operation, your agent ignores them. When prompt injection overrides behavior, the decoy catches the full attack payload and alerts you.
5
+ Decoy adds a decoy MCP server alongside your real tools 12 tripwire tools like `execute_command`, `read_file`, and `make_payment` that no legitimate agent should ever call. When a prompt injection attack tricks your agent into calling one, Decoy captures the full payload and alerts you instantly.
6
6
 
7
7
  ## Quick start
8
8
 
@@ -117,14 +117,14 @@ Add to your `claude_desktop_config.json`:
117
117
  "mcpServers": {
118
118
  "system-tools": {
119
119
  "command": "node",
120
- "args": ["~/.config/Claude/decoy/server.mjs"],
120
+ "args": ["~/Library/Application Support/Claude/decoy/server.mjs"],
121
121
  "env": { "DECOY_TOKEN": "your-token" }
122
122
  }
123
123
  }
124
124
  }
125
125
  ```
126
126
 
127
- Get a token at [decoy.run](https://decoy.run).
127
+ Get a token at [app.decoy.run/login](https://app.decoy.run/login?signup).
128
128
 
129
129
  ## Dashboard
130
130
 
@@ -134,9 +134,9 @@ Your dashboard is at [app.decoy.run/dashboard](https://app.decoy.run/dashboard).
134
134
 
135
135
  You can also sign in with your token directly. Find it with `npx decoy-mcp status`.
136
136
 
137
- **Free** — 12 tripwire tools, 7-day history, email alerts for triggers, weekly threat digest, dashboard + API. Forever.
137
+ **Free** — 12 tripwire tools, 7-day history, email alerts, dashboard + API. Forever.
138
138
 
139
- **Pro ($9/mo)** — 90-day history, Slack + webhook alerts for triggers, threat digest to Slack, multiple projects, agent fingerprinting.
139
+ **Pro ($9/mo)** — 90-day history, Slack + webhook alerts, agent fingerprinting, agent pause/resume.
140
140
 
141
141
  ## Local-only mode
142
142
 
@@ -169,7 +169,7 @@ This is the same principle behind canary tokens and network deception. Tripwires
169
169
 
170
170
  ## Research
171
171
 
172
- We tested prompt injection against 12 models. Qwen 2.5 was fully compromised at both 7B and 14B — it called all three tools with attacker-controlled arguments. All Claude models resisted.
172
+ We tested prompt injection against 12 models. Qwen 2.5 was fully compromised at both 7B and 14B — it called all three tools with attacker-controlled arguments. All Claude models resisted. Read the full report: [State of Prompt Injection 2026](https://decoy.run/blog/state-of-prompt-injection-2026).
173
173
 
174
174
  ## License
175
175
 
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "decoy-mcp",
3
- "version": "0.4.2",
4
- "description": "Security tripwires for AI agents. Detect prompt injection attacks on your MCP tools.",
3
+ "version": "0.4.3",
4
+ "description": "Security tripwires for AI agents. Detect prompt injection in real time.",
5
5
  "bin": {
6
6
  "decoy-mcp": "bin/cli.mjs"
7
7
  },