@streamblur/mcp
v1.5.14
StreamBlur MCP server - 9 tools, 77+ patterns. Auto-setup for Claude, Cursor, Windsurf. TUI welcome screen. Run npx @streamblur/mcp --setup to get started.
Stop leaking API keys. Protect your secrets. Ship with confidence.
What is StreamBlur MCP?
StreamBlur MCP is a security layer that sits between your AI coding assistant and your files. Every time your AI reads a config file, environment variable, or any text that might contain a secret — StreamBlur catches it and replaces it with a safe placeholder before it ever enters the AI's context window.
Think of it as a bouncer for your secrets. Nothing sensitive gets past.
Your .env file:
    OPENAI_API_KEY=sk-proj-abc123xyz...

        ▼ StreamBlur MCP ▼

What your AI sees:
    OPENAI_API_KEY=[REDACTED:openai_project_key]

77+ credential patterns detected. 100% local. Zero data leaves your machine.
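
An added example, not StreamBlur's own code: a Node.js redactor that emits the [REDACTED:type] placeholders shown above and a findings report with type, line and character offsets. The regexes are assumptions based on publicly documented key prefixes, and the type names aws_access_key and env_assignment are hypothetical.

```javascript
// Added illustration, not StreamBlur's source. Regexes are assumptions built on
// publicly documented key prefixes; aws_access_key and env_assignment are
// hypothetical type names (the other two type names are quoted on the page).
const PATTERNS = [ // ordered most specific first: earlier entries win overlaps
  { type: 'openai_project_key', re: /sk-proj-[A-Za-z0-9_-]{20,}/g },
  { type: 'stripe_secret_live', re: /sk_live_[A-Za-z0-9]{24,}/g },
  { type: 'aws_access_key', re: /\bAKIA[0-9A-Z]{16}\b/g },
  // Generic fallback: the value of NAME=value when NAME looks sensitive.
  { type: 'env_assignment',
    re: /(?<=^[A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*=)\S+/gm },
];

// Report type, line and character offsets only; the secret value is never copied out.
function scanText(text) {
  const found = [];
  for (const { type, re } of PATTERNS) {
    for (const m of text.matchAll(re)) {
      const start = m.index, end = start + m[0].length;
      // Skip spans already claimed by a more specific pattern.
      if (found.some(f => start < f.end && f.start < end)) continue;
      const line = text.slice(0, start).split('\n').length;
      found.push({ type, line, start, end });
    }
  }
  return found.sort((a, b) => a.start - b.start);
}

// Replace each finding with a [REDACTED:type] placeholder, leaving other text intact.
function redactText(text) {
  let out = '', pos = 0;
  for (const f of scanText(text)) {
    out += text.slice(pos, f.start) + `[REDACTED:${f.type}]`;
    pos = f.end;
  }
  return out + text.slice(pos);
}

// Constructed sample input; the key-like strings are synthetic.
const SAMPLE = [
  'OPENAI_API_KEY=sk-proj-' + 'a1B2'.repeat(6),
  'DB_PASSWORD=correct-horse-battery',
  'AWS_ID=AKIA' + 'EXAMPLE7'.repeat(2),
  'PORT=8080',
].join('\n');

console.log(redactText(SAMPLE));
console.log(scanText(SAMPLE));
```

The first sample line matches both the OpenAI pattern and the generic assignment pattern; the overlap check keeps the specific type so the placeholder stays informative.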
Quick Start
Step 1 — Install
    npm install -g @streamblur/mcp
Step 2 — Auto-Setup (Recommended)
One command detects your tools and configures everything automatically:
    npx @streamblur/mcp --setup
This will find Claude Desktop, Cursor, Windsurf, and Zed on your machine and add StreamBlur to each one. Done.
Manual Setup
Prefer to configure manually? Pick your tool below.
Claude Code CLI
Adds StreamBlur globally across all your projects with a single command:
    claude mcp add --transport stdio --scope user streamblur -- npx -y @streamblur/mcp
Claude Desktop
Open your claude_desktop_config.json and add:
    {
      "mcpServers": {
        "streamblur": {
          "command": "npx",
          "args": ["-y", "@streamblur/mcp"],
          "env": {
            "STREAMBLUR_LICENSE_KEY": "your-email-or-license-key"
          }
        }
      }
    }
Where is that file?
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Cursor / Windsurf / other MCP clients
    {
      "streamblur": {
        "command": "npx",
        "args": ["-y", "@streamblur/mcp"],
        "env": {
          "STREAMBLUR_LICENSE_KEY": "your-email-or-license-key"
        }
      }
    }
Zed Editor
Open your Zed settings.json and add:
    {
      "mcpServers": {
        "streamblur": {
          "command": "npx",
          "args": ["-y", "@streamblur/mcp"],
          "env": {
            "STREAMBLUR_LICENSE_KEY": "your-email-or-license-key"
          }
        }
      }
    }
Where is that file?
- macOS: ~/Library/Application Support/Zed/settings.json
- Linux: ~/.config/zed/settings.json
Tools
StreamBlur gives your AI assistant 9 security tools. 2 are free forever. 7 require Pro.
- redact_text (FREE): Redacts secrets from any string of text. Returns text with [REDACTED:type] placeholders.
- scan_text (FREE): Scans text and reports every secret found — type, position, and character offset.
- redact_file (PRO): Reads any file and returns redacted content. Supports .env, configs, source code. Never modifies the original file.
- scan_directory (PRO): Recursively scans a folder for leaked secrets. Returns file paths, secret types, and line numbers. Skips node_modules, .git, dist, and build folders.
- scan_repo (PRO): Full repository audit — scans every relevant file in your project and produces a security report.
- audit_env_file (PRO): Deep audit of a .env file: detected secrets, placeholder values, formatting issues, and rotation recommendations. File is never modified.
- check_gitignore (PRO): Verifies your .gitignore actually covers .env files, key files, and secret directories. Returns a gap report so nothing slips through to GitHub.
- explain_detection (PRO): Given a detected secret type (e.g. stripe_secret_live), explains what it is, the blast radius if leaked, and exactly where to go to revoke it now.
- generate_env_template (PRO): Generates a safe .env.example template with placeholder values and security comments for common project types. Safe to commit to GitHub.
What Gets Detected
77+ credential patterns across every major platform and service:
- AI & ML: OpenAI · Anthropic · Groq · Together AI · Hugging Face · Replicate · Cohere · ElevenLabs
- Cloud: AWS Access Keys · AWS Secret Keys · Azure Storage Keys · GCP Service Accounts · Firebase Web API Keys · Firebase Service Accounts
- Dev Tools: GitHub PATs · GitLab Tokens · npm Tokens · Netlify Tokens · Vercel Tokens · Railway Tokens · Doppler Tokens · Pulumi Access Tokens
- Payments: Stripe Live Secret · Stripe Test Secret · Stripe Publishable · Stripe Restricted
- Databases: PostgreSQL URLs · MySQL URLs · MongoDB URLs · Redis URLs · Supabase Service Role Keys · PlanetScale Tokens
- Messaging: Slack Bot/User/Session Tokens · Twilio SIDs · Twilio Auth Tokens · Discord Bot Tokens · SendGrid Keys · Mailgun Keys
- Other: JWT Tokens · OAuth Refresh Tokens · Bearer Tokens · RSA/DSA/EC/OpenSSH Private Keys · Notion API Keys · Linear API Keys · Airtable Keys · Shopify Tokens · HTTP Basic Auth URLs · Generic token assignments · .env variable assignments (PASSWORD, SECRET_KEY, etc.)
Pricing
- FREE (Forever): redact_text, scan_text
- PRO ($2.99 one-time; launch special, was $9): Everything in Free, plus redact_file, scan_directory, scan_repo, audit_env_file, check_gitignore, explain_detection, generate_env_template. No subscription. No renewal. Pay once. Own it forever.
Get Pro at streamblur.com/pricing
Once you have Pro, add your email or license key to your MCP config:
    "env": {
      "STREAMBLUR_LICENSE_KEY": "[email protected]"
    }
Privacy
- 100% local — all pattern matching runs on your machine
- No data uploads — your files and text are never sent anywhere
- No telemetry — we don't track what you scan
- One network call — Pro license validation on startup only (to streamblur.com)
- File-safe — redact_file reads your file and returns redacted output; the original is never modified
