Security sidecar for MCP servers: prompt-injection scan, Ed25519 verify, tools/list drift. 10 tools.
Part of the StudioMeyer MCP Stack — Built in Mallorca 🌴 · ⭐ if you use it Drop-in Rust sidecar that wraps any MCP server. Scans tool calls for prompt injection, validates Ed25519 manifest signatures (with TOFU keystore + Sigstore Rekor bridge since v0.2), exports OTLP gRPC telemetry (on since v0.4 — closes the shutdown-hang class), blocks marketplace-poisoning vectors, strips loader-class env…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Part of the StudioMeyer MCP Stack — Built in Mallorca 🌴 · ⭐ if you use it Drop-in Rust sidecar that wraps any MCP server. Scans tool calls for prompt injection, validates Ed25519 manifest signatures (with TOFU keystore + Sigstore Rekor bridge since v0.2), exports OTLP gRPC telemetry (on since v0.4 — closes the shutdown-hang class), blocks marketplace-poisoning vectors, strips loader-class env keys from spawned children (, , … — new in v0.3), folds Unicode confusables to detect homoglyph…