Local guardrail proxy that blocks destructive MCP tool calls, rug pulls, and tool poisoning
is a tiny, local MCP guardrail that sits between your AI coding agent (Cursor, Claude Code, …) and the real MCP servers your agent talks to (postgres, github, shell, filesystem, …) — local stdio servers and, since v0.9, remote Streamable HTTP ones. On every it evaluates 50+ adaptive safety rules (plus an optional 40-rule community pack) across eight destructive surfaces — SQL, git, filesystem,…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
is a tiny, local MCP guardrail that sits between your AI coding agent (Cursor, Claude Code, …) and the real MCP servers your agent talks to (postgres, github, shell, filesystem, …) — local stdio servers and, since v0.9, remote Streamable HTTP ones. On every it evaluates 50+ adaptive safety rules (plus an optional 40-rule community pack) across eight destructive surfaces — SQL, git, filesystem, secrets exfiltration, supply-chain RCE, reverse shells, sudo / privilege escalation, cloud…