amironi 6 hours ago

I built ContextGuard after discovering that 43% of MCP servers have critical security vulnerabilities. MCP (Model Context Protocol) is the new standard that lets Claude clients (Desktop, Windsurf, Cursor, etc.) access external tools and data sources - think of it as a plugin system for AI assistants.

The problem: When you give those clients access to your filesystem, databases, or APIs through MCP servers, you're opening up serious attack vectors. Prompt injection, data leakage, and path traversal attacks are all possible. Most developers building MCP servers don't have security expertise, and there wasn't an easy way to add protection.

What ContextGuard does:
- Wraps your MCP server as a transparent security proxy
- Detects 8+ prompt injection patterns in real time
- Scans for sensitive data (API keys, passwords, SSNs) in responses
- Prevents path traversal attacks
- Rate limiting to prevent abuse
- Comprehensive JSON logging for auditing
- <1% performance overhead

Technical approach:
- TypeScript-based stdio proxy
- Pattern matching + heuristics for threat detection
- Works with any MCP server using stdio transport
- Zero code changes needed - just wrap your existing server
- All detection happens synchronously in the request/response flow

The README includes a testing section where you can see the same attacks succeed on an unprotected server vs being blocked with ContextGuard enabled. It's pretty eye-opening to see how easy these attacks are.

Why open source: Security tools need transparency. I want the community to audit the detection patterns, contribute new ones, and help identify blind spots. Plus, MCP is still early days - we need to establish security best practices together.

Roadmap: Currently working on SSE/HTTP transport support, a web dashboard for monitoring, and a custom rule engine. Planning to offer Pro features for enterprises (team management, priority support, advanced analytics) while keeping the core security features free and open source forever.

I'd love feedback on:
1. What other attack patterns should I prioritize detecting?
2. Is the web dashboard a must-have or nice-to-have?
3. Any blind spots in the current detection logic?
4. Should I focus more on detection accuracy or performance?

The project is on GitHub with full docs and examples: https://github.com/amironi/contextguard

You can try it right now:
npm install -g contextguard
contextguard --server "node your-mcp-server.js"

Happy to answer any questions!
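As an added illustration (not ContextGuard's code and not from the post's author), here is a minimal TypeScript sketch of the checks a stdio JSON-RPC proxy like the one described can apply: a secret scan on responses, a path-traversal check on tools/call arguments, and a relay that answers a blocked message with a JSON-RPC error instead of silently dropping it. The pattern names, the root directory argument and the -32600 error code are assumptions.

```typescript
import * as path from "node:path";
import * as readline from "node:readline";
import { spawn } from "node:child_process";
type Verdict = { allowed: boolean; findings: string[]; id?: unknown };
// Constructed, illustrative patterns; names are assumptions, not ContextGuard's rule set.
const SECRET_PATTERNS: Record<string, RegExp> = {
  aws_access_key_id: /\bAKIA[0-9A-Z]{16}\b/,
  password_assignment: /\bpassword\s*[=:]\s*\S+/i,
  us_ssn: /\b\d{3}-\d{2}-\d{4}\b/,
};
// Names of every secret pattern that matches the text.
function scanSecrets(text: string): string[] {
  return Object.entries(SECRET_PATTERNS).filter(([, re]) => re.test(text)).map(([n]) => n);
}
// True when `candidate` resolves outside `root` (catches ../ segments and absolute paths).
function escapesRoot(candidate: string, root: string): boolean {
  const base = path.resolve(root);
  const resolved = path.resolve(base, candidate);
  return resolved !== base && !resolved.startsWith(base + path.sep);
}
// Inspect one newline-delimited JSON-RPC message: tools/call requests get a traversal check on
// every string argument (a real proxy would scope this by tool schema); responses get a secret scan.
function inspectMessage(line: string, root: string): Verdict {
  let msg: any;
  try { msg = JSON.parse(line); } catch {}
  if (!msg || typeof msg !== "object") return { allowed: true, findings: [] }; // non-JSON passes
  const findings: string[] = [];
  if (msg.method === "tools/call") {
    for (const [k, v] of Object.entries(msg.params?.arguments ?? {}))
      if (typeof v === "string" && escapesRoot(v, root)) findings.push(`path_traversal:${k}`);
  } else if ("result" in msg) {
    findings.push(...scanSecrets(JSON.stringify(msg.result)).map((n) => `secret:${n}`));
  }
  return { allowed: findings.length === 0, findings, id: msg.id };
}
// Sit between the client's stdio and a child MCP server: a blocked message becomes a
// JSON-RPC error to the client (so nothing hangs) plus a JSON audit record on stderr.
function startProxy(command: string, args: string[], root: string): void {
  const child = spawn(command, args, { stdio: ["pipe", "pipe", "inherit"] });
  const relay = (src: NodeJS.ReadableStream, dst: NodeJS.WritableStream, dir: string) =>
    readline.createInterface({ input: src }).on("line", (line) => {
      const v = inspectMessage(line, root);
      if (v.allowed) { dst.write(line + "\n"); return; }
      process.stderr.write(JSON.stringify({ ts: Date.now(), dir, findings: v.findings }) + "\n");
      if (v.id !== undefined) process.stdout.write(JSON.stringify({ jsonrpc: "2.0", id: v.id,
        error: { code: -32600, message: `blocked by proxy: ${v.findings.join(", ")}` } }) + "\n");
    });
  relay(process.stdin, child.stdin!, "client->server");
  relay(child.stdout!, process.stdout, "server->client");
}
```

Calling `startProxy("node", ["your-mcp-server.js"], "/srv/data")` wires the proxy up; the two inspection functions can be unit-tested on their own.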