Safer Fetch MCP Server

A Model Context Protocol server that provides web content fetching capabilities with built-in prompt injection safeguards. This server enables LLMs to retrieve and process content from web pages, converting HTML to markdown for easier consumption, while protecting against malicious content that could manipulate the LLM.

Acknowledgements

This project is based on Anthropic's Fetch MCP server implementation and incorporates prompt injection safeguard code/patterns from Goose.

🚀 Quick Start

Installing the Server

Run the MCP server using uvx:

uvx --refresh mcp-server-fetch-tom

The --refresh flag ensures you always get the latest version.

Configuring in Your AI IDE

Choose your IDE and add the configuration to enable the fetch MCP server:

Claude Desktop

Edit your Claude Desktop configuration file:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json
• Linux: ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["--refresh", "mcp-server-fetch-tom"]
    }
  }
}

VS Code (Cline / Roo Cline)

Add to your VS Code settings (.vscode/mcp.json in workspace or User Settings JSON):

{
  "mcp": {
    "servers": {
      "fetch": {
        "command": "uvx",
        "args": ["--refresh", "mcp-server-fetch-tom"]
      }
    }
  }
}

Or use the one-click install buttons:

Cursor

Add to Cursor settings:

1. Open Cursor Settings (Cmd/Ctrl + ,)
2. Search for "MCP"
3. Add server configuration, or edit .cursor/mcp.json:

{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["--refresh", "mcp-server-fetch-tom"]
    }
  }
}

Continue (VS Code Extension)

Edit ~/.continue/config.json:

{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["--refresh", "mcp-server-fetch-tom"]
    }
  }
}

Goose AI

Edit ~/.config/goose/profiles.yaml:

default:
  provider: openai
  processor: gpt-4
  accelerator: gpt-4o-mini
  moderator: passive
  toolkits:
    - developer
    - mcp
  mcp_servers:
    fetch:
      command: uvx
      args:
        - --refresh
        - mcp-server-fetch-tom

⚠️ Disclaimer

This software is provided "as is" without warranty of any kind. While this server implements prompt injection detection and mitigation measures, no security solution is 100% effective. The safeguards implemented are designed to reduce risk but cannot guarantee complete protection against all prompt injection attacks.

Users should:

• Exercise caution when fetching content from untrusted sources
• Review fetched content before acting on it in sensitive contexts
• Understand that determined attackers may find ways to bypass detection
• Not rely solely on these safeguards for security-critical applications

The maintainers are not responsible for any damages or security incidents resulting from the use of this software.

Security Features

This server includes prompt injection safeguards to protect LLMs from malicious web content:

1. Content Boundary Wrapping

All fetched content is wrapped in security boundary tags with a random boundary ID (to prevent escape attacks). The wrapper includes:

• Clear instructions that content should be treated as DATA ONLY, not as instructions
• Critical security rules for the LLM to follow
• Source URL attribution

2. Prompt Injection Pattern Detection

Content is scanned for 20+ suspicious patterns including:

• Instruction overrides: "ignore previous instructions", "disregard prior prompts"
• Role manipulation: "you are now", "act as", "pretend to be"
• System prompt attacks: "new system prompt", "override instructions"
• Jailbreak attempts: "developer mode", "DAN mode", "bypass restrictions"
• Output manipulation: "do not mention", "keep this secret"
• Encoded instructions: Base64 patterns, "decode and execute"

When suspicious patterns are detected:

• NO DATA is returned - the fetched content is completely blocked
• Only a warning message is returned indicating the number of patterns detected
• The source URL is provided so users can manually review if they believe it's a false positive

[!CAUTION] This server can access local/internal IP addresses and may represent a security risk. Exercise caution when using this MCP server to ensure this does not expose any sensitive data.

The fetch tool will truncate the response, but by using the start_index argument, you can specify where to start the content extraction. This lets models read a webpage in chunks, until they find the information they need.

Available Tools

• fetch - Fetches a URL from the internet and extracts its contents as markdown.
  • url (string, required): URL to fetch
  • max_length (integer, optional): Maximum number of characters to return (default: 5000)
  • start_index (integer, optional): Start content from this character index (default: 0)
  • raw (boolean, optional): Get raw content without markdown conversion (default: false)

When the output type is 'md' and the fetched resource is a PDF, it will be automatically converted to plain text.

Prompts

• fetch
  • Fetch a URL and extract its contents as markdown
  • Arguments:
    • url (string, required): URL to fetch

Installation

Using uv (recommended)

When using uv no specific installation is needed. We will use uvx to directly run mcp-server-fetch-tom:

uvx --refresh mcp-server-fetch-tom

Advanced Configuration

Alternative Installation Methods

The examples above use uvx for simplicity. You can also use:

<details> <summary>Docker</summary>

{
  "mcpServers": {
    "fetch": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "mcp/fetch"]
    }
  }
}

</details>

<details> <summary>pip installation</summary>

First install: pip install mcp-server-fetch-tom

Then configure:

{
  "mcpServers": {
    "fetch": {
      "command": "mcp-server-fetch-tom"
    }
  }
}

</details>

Customization - User-agent

By default, depending on if the request came from the model (via a tool), or was user initiated (via a prompt), the server will use either the user-agent

ModelContextProtocol/1.0 (Autonomous; +https://github.com/modelcontextprotocol/servers)

or

ModelContextProtocol/1.0 (User-Specified; +https://github.com/modelcontextprotocol/servers)

This can be customized by adding the argument --user-agent=YourUserAgent to the args list in the configuration.

Customization - Proxy

The server can be configured to use a proxy by using the --proxy-url argument.

Windows Configuration

If you're experiencing timeout issues on Windows, you may need to set the PYTHONIOENCODING environment variable to ensure proper character encoding:

<details> <summary>Windows configuration (uvx)</summary>

{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["--refresh", "mcp-server-fetch-tom"],
      "env": {
        "PYTHONIOENCODING": "utf-8"
      }
    }
  }
}

</details>

<details> <summary>Windows configuration (pip)</summary>

{
  "mcpServers": {
    "fetch": {
      "command": "mcp-server-fetch-tom",
      "env": {
        "PYTHONIOENCODING": "utf-8"
      }
    }
  }
}

</details>

This addresses character encoding issues that can cause the server to timeout on Windows systems.

Debugging

You can use the MCP inspector to debug the server. For uvx installations:

npx @modelcontextprotocol/inspector uvx mcp-server-fetch-tom

Or if you've installed the package in a specific directory or are developing on it:

cd path/to/fetch_mcp
npx @modelcontextprotocol/inspector uv run mcp-server-fetch-tom

Building and Publishing

For maintainers: See the Publishing Guide for detailed instructions on building and publishing to PyPI.

Quick Reference:

# Build the package
uvx --from build pyproject-build --installer uv

# Check the build
uvx twine check dist/*

# Upload to PyPI
uvx twine upload dist/*

Or use the Makefile:

make build   # Build package
make check   # Verify package
make upload  # Upload to PyPI

For more details, see:

• Full Publishing Guide - Comprehensive documentation
• Quick Start Guide - TL;DR version
• Makefile - Automated commands

Contributing

We encourage contributions to help expand and improve mcp-server-fetch. Whether you want to add new tools, enhance existing functionality, or improve documentation, your input is valuable.

For examples of other MCP servers and implementation patterns, see: https://github.com/modelcontextprotocol/servers

Pull requests are welcome! Feel free to contribute new ideas, bug fixes, or enhancements to make mcp-server-fetch even more powerful and useful.

Security Considerations

While this server implements prompt injection safeguards, security is a shared responsibility:

1. Defense in depth: These safeguards are one layer of protection; combine with other security measures
2. Regular updates: Keep the server updated to benefit from new pattern detection rules
3. Report vulnerabilities: If you discover a bypass or vulnerability, please report it responsibly
4. False positives: The pattern detection may flag legitimate content; review warnings in context

License

mcp-server-fetch is licensed under the MIT License. This means you are free to use, modify, and distribute the software, subject to the terms and conditions of the MIT License. For more details, please see the LICENSE file in the project repository.