Agent Firewall

Input/output safety gate for AI agents: detect prompt-injection/jailbreak, leaked secrets/PII, and URL/IP reputation. Deterministic, no LLM.

README

Deterministic guards and tools for AI agents

Six small tools that AI agents and developers call constantly, each available both as a plain HTTP API and as an MCP server. No LLM in the loop, and no accounts or API keys for the free tier. Same input, same output. Boring and reliable on purpose.

Five of them are guards: one check per risky action an agent takes, such as installing a package, reading untrusted text or email, following a link, sending money, or writing code. The sixth is a utility set for reading and parsing the web. All are free to run, with paid tiers on RapidAPI for higher volume.

The tools

Tool / What it checks / Install (MCP) / API / RapidAPI

Package Guard
  What it checks: a package before install: does it exist (slopsquat), vulns, malware, typosquats
  Install (MCP): npx -y package-guard-mcp
  API: live. RapidAPI: listing

Agent Firewall
  What it checks: untrusted input: prompt injection, leaked secrets/PII, URL and IP reputation
  Install (MCP): npx -y agent-firewall-mcp
  API: live. RapidAPI: listing

Payment Guard
  What it checks: a payee before sending: OFAC sanctions, scam lists, honeypot tokens, ENS spoofs
  Install (MCP): npx -y payment-guard-mcp
  API: live. RapidAPI: listing

Email Guard
  What it checks: inbound mail for injection/phishing, outbound for secret leaks and deliverability
  Install (MCP): npx -y email-guard-mcp
  API: live. RapidAPI: listing

Code Guard
  What it checks: AI-generated code: injection, SSRF, secrets, weak crypto, unsafe deserialization
  Install (MCP): npx -y @mlawsonking/code-guard-mcp
  API: live. RapidAPI: listing

Agent Web Tools
  What it checks: web utilities: page to Markdown, metadata, CSS scrape, RSS, DNS, RDAP, SSL, HTTP
  Install (MCP): npx -y web-tools-mcp
  API: live. RapidAPI: listing

Quick start (MCP)

Add any or all to your client config (Claude Desktop, Cursor, Claude Code, and so on):

{
  "mcpServers": {
    "package-guard":  { "command": "npx", "args": ["-y", "package-guard-mcp"] },
    "agent-firewall": { "command": "npx", "args": ["-y", "agent-firewall-mcp"] },
    "payment-guard":  { "command": "npx", "args": ["-y", "payment-guard-mcp"] },
    "email-guard":    { "command": "npx", "args": ["-y", "email-guard-mcp"] },
    "code-guard":     { "command": "npx", "args": ["-y", "@mlawsonking/code-guard-mcp"] },
    "web-tools":      { "command": "npx", "args": ["-y", "web-tools-mcp"] }
  }
}

Each one

Package Guard (package-guard-mcp)

verify_package (does it exist, else likely a hallucination or slopsquat, with suggestions), check_vulns (OSV), package_info, audit_deps, typosquat_scan. Ecosystems: npm, PyPI, Go, crates.io, RubyGems, Maven, NuGet. Data: OSV.dev, npm, PyPI. API: https://package-guard.vercel.app. Code: package-guard-mcp/ and package-guard/.

Agent Firewall (agent-firewall-mcp)

scan_content (prompt injection, jailbreak, hidden-text obfuscation), scan_secrets (secrets and PII, with a redacted copy), check_url, check_ip, check_password (HIBP, k-anonymity). Data: HIBP, RDAP, Tor, Team Cymru, DNS. API: https://agent-firewall-seven.vercel.app. Code: agent-firewall-mcp/ and agent-firewall/.

Payment Guard (payment-guard-mcp)

screen_address (address or ENS to a safe/caution/block verdict), screen_payment (x402 or merchant URL), check_sanctioned (fast OFAC), resolve_name (ENS, screened), screen_token (honeypot, rug, and tax risk via on-chain simulation). Data: OFAC SDN, ethereum-lists, ScamSniffer, honeypot.is, public RPC, ENS. Chains: Ethereum, Base, Polygon, Arbitrum, Optimism. API: https://payment-guard.vercel.app. Code: payment-guard-mcp/ and payment-guard/.

Email Guard (email-guard-mcp)

scan_inbound (injection and phishing hidden in a message, before the agent acts), scan_outbound (secret and PII leaks, deliverability), check_domain_auth (SPF, DMARC, MX, domain age, disposable). Data: DNS, RDAP, disposable-domain lists. API: https://email-guard-api.vercel.app. Code: email-guard-mcp/ and email-guard/.

Code Guard (@mlawsonking/code-guard-mcp)

scan_code and scan_diff (command, code, and SQL injection, SSRF, hardcoded secrets, weak crypto, unsafe deserialization, disabled TLS, XSS), list_rules (the rule catalog). API: https://code-guard-api.vercel.app. Code: code-guard-mcp/ and code-guard/.

Agent Web Tools (web-tools-mcp)

read_url (page to clean Markdown), unfurl_url, validate_email, extract_web (CSS scrape), get_feed (RSS/Atom), dns_lookup, domain_info (RDAP), ssl_check, http_inspect, structured_data. API: https://agent-tools-api.vercel.app. Code: agent-tools-mcp/ and agent-tools-api/.

How they're built

Outbound fetches allow http and https only, pass through a DNS-resolved SSRF guard, and enforce request timeouts, response size caps, and content-type checks. Everything is deterministic: no LLM, no paid data sources. Each API is a serverless function on a free tier, and the MCP servers are thin stdio wrappers that call the same endpoints.

License

MIT, see LICENSE. Contributions and tool suggestions welcome.
