mcp-guard

mcp-guard

Adds security capabilities like port scanning, TLS inspection, DNS enumeration, process monitoring, secrets scanning, HTTP header auditing, and CVE checking to Claude Code and Cursor.

Category
Visit Server

README

mcp-guard

npm npm downloads license Go mcp-guard MCP server

Security and network MCP server for Claude Code and Cursor. Written in Go.

Why mcp-guard

Most MCP servers are API wrappers. Claude could look up the same data itself if it had web access.

mcp-guard is different. 12 of its 22 tools require a physical machine to function. Wi-Fi scanning needs a radio chip. Bluetooth scanning needs an adapter. ARP discovery sends Layer 2 frames that never leave your local network — no cloud service receives them. File watching subscribes to kernel events on your machine's filesystem. USB enumeration reads your physical ports.

Claude runs in a data center. It has none of these things. These tools only work because the binary is running on your computer.

Tools

Local hardware (impossible for any remote service)

Tool What it does
wifi_scan Scan nearby Wi-Fi networks via your wireless hardware — SSID, BSSID, signal, channel, security
bluetooth_scan Enumerate nearby Bluetooth devices via your adapter — name, address, type, pairing status
usb_devices List all USB devices connected to this machine — vendor, product ID, speed, manufacturer
arp_scan Layer 2 LAN discovery — finds every device on your network including ones that block ICMP/TCP, with MAC addresses and vendor IDs
ping_sweep ICMP host discovery across a CIDR range from your machine's network stack
traceroute Hop-by-hop network path from this machine via ICMP TTL probes
file_watch Kernel FS event stream (FSEvents on macOS, inotify on Linux) — real-time create/write/delete/rename
sys_info Local hardware: CPU model, RAM, disk, uptime, all network interfaces with IPs and MACs
open_files Every file, socket, and pipe held open by processes on this machine via lsof
proc_list Running processes with CPU% and memory — filter by name
net_connections Live TCP connections on this machine (netstat -an)
scan_secrets Walk local files for hardcoded credentials — 20+ patterns (AWS, GitHub, OpenAI, Stripe, Slack, DB URLs, private keys)
hash_files SHA-256 every file in a directory — integrity baseline before/after deploys

Forensics and supply chain

Tool What it does
persistence_scan Checks this machine for malware persistence: LaunchAgents/Daemons (macOS), systemd units (Linux), cron jobs, shell profile injections. Flags curl-pipe-to-bash, base64 payloads, binaries in /tmp
supply_chain_audit Audits node_modules for supply chain attacks: lifecycle scripts that download/execute remote code, typosquatting (Levenshtein distance 1 against 50 popular packages), eval() of runtime data in source

Network utilities

Tool What it does
port_scan Concurrent TCP scanner — 200 goroutines, service name lookup
banner_grab Raw TCP banner from any protocol — SSH, FTP, SMTP, Redis, MySQL
ssl_inspect Full TLS certificate chain — key size, algorithm, expiry, SANs
dns_enum A, AAAA, MX, NS, TXT, CNAME — detects missing SPF/DMARC
audit_headers HTTP security header audit scored 0–100 with letter grade
check_cves npm dependency CVE check via OSV — no API key
jwt_decode Local JWT decode — algorithm, expiry, security warnings

Setup

Claude Code

Add to ~/.claude/settings.json:

{
  "mcpServers": {
    "mcp-guard": {
      "command": "npx",
      "args": ["-y", "@zent7x/mcp-guard"]
    }
  }
}

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "mcp-guard": {
      "command": "npx",
      "args": ["-y", "@zent7x/mcp-guard"]
    }
  }
}

Global install

npm install -g @zent7x/mcp-guard

Then use "command": "mcp-guard" instead of npx in the config above.

Example output

> wifi_scan

Wi-Fi networks (8 found)

SSID                              BSSID               SIGNAL    CHANNEL  SECURITY
──────────────────────────────────────────────────────────────────────────────────────────
HomeNetwork                       a4:c3:f0:11:22:33   -42 dBm   6        WPA2 Personal
OfficeWifi                        b8:27:eb:44:55:66   -67 dBm   11       WPA2 Enterprise

> arp_scan 192.168.1.0/24

LAN devices in 192.168.1.0/24 (6 found)

IP                  MAC                  HOSTNAME              VENDOR
────────────────────────────────────────────────────────────────────────────────
192.168.1.1         a4:c3:f0:ab:cd:ef    router.local          Apple
192.168.1.42        b8:27:eb:12:34:56    raspberrypi.local     Raspberry Pi
192.168.1.100       00:0c:29:78:90:ab                          VMware

> bluetooth_scan

Bluetooth devices (4 found)

NAME                            ADDRESS               TYPE                  STATUS
─────────────────────────────────────────────────────────────────────────────────────────
AirPods Pro                     a1:b2:c3:d4:e5:f6                           paired
MX Keys                         11:22:33:44:55:66     Keyboard              paired
Sony WH-1000XM5                 aa:bb:cc:dd:ee:ff     Headphones            not paired

How it works

The npm package downloads a pre-compiled Go binary for your platform on first run. The binary speaks the MCP stdio protocol — your editor spawns it on startup and the tools appear automatically.

Platform binaries: darwin-arm64, darwin-amd64, linux-amd64, linux-arm64, windows-amd64.

Build from source

git clone https://github.com/zent7x/mcp-guard
cd mcp-guard
go build -o mcp-guard .

Requires Go 1.21+.

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured