deny-sh-mcp

v1.1.0

Published

Model Context Protocol server for deny.sh deniable encryption. Lets any MCP-compatible AI agent call deny.sh tools.

Readme

What this is

A standalone MCP server that exposes deny.sh's deniable-encryption primitive as tools any agent can call.

npx deny-sh-mcp

Single file. Zero runtime dependencies. Speaks stdio JSON-RPC, talks to the deny.sh public API over HTTPS with a user-supplied bearer key.

Tools

11 tools in two modes. Local-mode tools run entirely on your machine, no network round-trip, no API key required.

API mode (requires DENY_API_KEY)

| Tool | Purpose |
|------|---------|
| deny_encrypt | Encrypt text via the deny.sh API |
| deny_decrypt | Decrypt with control data + passwords |
| deny_create_decoy | Create a deniable decoy (new control data, different plaintext, same ciphertext) |
| deny_vault_store | Store encrypted data in your deny.sh vault |
| deny_vault_list | List your vault items |
| deny_vault_get | Retrieve a vault item by id |
| deny_usage | Check current API usage against your plan limits |

Local mode (no network, no key)

| Tool | Purpose |
|------|---------|
| deny_local_encrypt | Encrypt locally using the same algorithm as the API |
| deny_local_decrypt | Decrypt locally |
| deny_local_create_decoy | Create decoy control data locally |
| deny_local_shamir_split | Split a secret into M-of-N Shamir shares locally |

Setup

  1. Get an API key at https://deny.sh/register (free tier: 500 calls/mo).
  2. Set DENY_API_KEY in the agent's MCP server env block.
  3. Add to your agent's MCP config.

Claude Desktop / OpenClaw

{
  "mcpServers": {
    "deny": {
      "command": "npx",
      "args": ["deny-sh-mcp"],
      "env": { "DENY_API_KEY": "dk_your_key" }
    }
  }
}

Anthropic API / Codex CLI / other MCP-compatible agents

Same shape. Most agents accept the standard MCP server config block above. Check your agent's docs for the exact path (Claude Desktop on macOS: ~/Library/Application Support/Claude/claude_desktop_config.json).

Environment

| Variable | Default | Notes |
|----------|---------|-------|
| DENY_API_KEY | (required) | Bearer key from https://deny.sh/register |
| DENY_API_URL | https://deny.sh/api | Override for staging / private deployments |
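
The config block and environment table above leave three things for the operator to check: which package version `npx` will run, whether the key is still the placeholder, and where `DENY_API_URL` sends the bearer key. The audit below is an added example, not part of deny-sh-mcp; the function name `auditDenyServer`, the finding labels and the sample entries are assumptions made here.

```javascript
// Added example, not deny-sh-mcp code: audit one MCP server entry.
// Finding labels and sample entries are constructed for illustration.
const PLACEHOLDER_KEY = "dk_your_key"; // placeholder value shown in the README

function auditDenyServer(entry) {
  const findings = [];
  const args = entry.args || [];
  const env = entry.env || {};

  // npx resolves a bare package name at launch, so the version that runs
  // is not fixed by the config unless the spec carries an exact version.
  const spec = args.find((a) => a.startsWith("deny-sh-mcp"));
  if (!spec) findings.push("package-not-found");
  else if (!/^deny-sh-mcp@\d+\.\d+\.\d+$/.test(spec)) findings.push("unpinned-package");

  // API-mode tools need DENY_API_KEY; the README placeholder is not a key.
  const key = env.DENY_API_KEY;
  if (!key) findings.push("missing-api-key");
  else if (key === PLACEHOLDER_KEY) findings.push("placeholder-api-key");

  // The bearer key and API-mode plaintext go to DENY_API_URL when it is set.
  if (env.DENY_API_URL !== undefined) {
    let url = null;
    try { url = new URL(env.DENY_API_URL); } catch { findings.push("invalid-api-url"); }
    if (url && url.protocol !== "https:") findings.push("api-url-not-https");
    if (url && url.hostname !== "deny.sh") findings.push("api-url-overridden");
  }
  return findings;
}

// Constructed samples: the README entry as written, and a pinned variant.
const README_ENTRY = { command: "npx", args: ["deny-sh-mcp"], env: { DENY_API_KEY: "dk_your_key" } };
const PINNED_ENTRY = { command: "npx", args: ["-y", "deny-sh-mcp@1.1.0"], env: { DENY_API_KEY: "dk_constructed_sample" } };

console.log(auditDenyServer(README_ENTRY));
console.log(auditDenyServer(PINNED_ENTRY));
```

The version `1.1.0` is the one listed on this page; an `api-url-overridden` finding is informational, since the README allows the override for staging and private deployments.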

Threat model

API-mode tools (deny_encrypt, deny_decrypt, deny_create_decoy, deny_vault_*, deny_usage) round-trip plaintext through the deny.sh public API. Use these when you want vault sync across devices or when the agent's host machine is untrusted.

Local-mode tools (deny_local_*) run the same algorithm entirely on the agent's host machine. No network call, no plaintext leaves the process. Use these when you want offline-only encryption.

In either mode, the cryptographic primitive itself is the same: AES-256-CTR + scrypt + XOR composition. See the deny.sh whitepaper for the full threat model on the primitive.
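
The split between API-mode and local-mode tools can be enforced rather than left to the agent's choice. The gate below is an added example, not deny-sh-mcp code: it inspects agent-to-server JSON-RPC lines, forwards only `deny_local_*` calls, and answers everything else with a JSON-RPC error. The offline-only policy, the function names and the `-32000` error code are assumptions of this sketch.

```javascript
// Added example, not deny-sh-mcp code. Tool names come from the README tables;
// the offline-only policy and the -32000 error code are assumptions.
const LOCAL_TOOLS = new Set(["deny_local_encrypt", "deny_local_decrypt",
  "deny_local_create_decoy", "deny_local_shamir_split"]);
const API_TOOLS = new Set(["deny_encrypt", "deny_decrypt", "deny_create_decoy",
  "deny_vault_store", "deny_vault_list", "deny_vault_get", "deny_usage"]);

// Decide what to do with one agent -> server JSON-RPC line.
// Returns { forward: line } or { reply: errorLine, reason }.
function gateOfflineOnly(line) {
  let msg;
  try { msg = JSON.parse(line); } catch { return deny(null, -32700, "malformed JSON"); }
  if (msg.method !== "tools/call") return { forward: line }; // initialize, tools/list, ...
  const name = msg.params ? msg.params.name : undefined;
  if (LOCAL_TOOLS.has(name)) return { forward: line };
  // Default deny: API-mode tools and anything not in the README tables.
  const why = API_TOOLS.has(name)
    ? `${name} is an API-mode tool (network call to the deny.sh API)`
    : `unknown tool ${String(name)}`;
  return deny(msg.id, -32000, why);
}

// Build a JSON-RPC 2.0 error so the agent sees a refusal instead of a timeout.
function deny(id, code, reason) {
  const error = { code, message: `blocked by offline-only policy: ${reason}` };
  return { reply: JSON.stringify({ jsonrpc: "2.0", id: id ?? null, error }), reason };
}

// Constructed session; argument objects are empty because the page does not
// show the tools' input schemas.
const SESSION = [
  '{"jsonrpc":"2.0","id":1,"method":"tools/list"}',
  '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"deny_local_encrypt","arguments":{}}}',
  '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"deny_vault_store","arguments":{}}}',
];
const decisions = SESSION.map(gateOfflineOnly);
console.log(decisions.map((d) => (d.forward ? "forward" : d.reason)));
```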

License

Apache License 2.0. See LICENSE.

The MCP server is a thin wrapper around the deny.sh primitive. Apache 2.0 because the primitive itself is Apache 2.0. Free for commercial and proprietary use. See deny.sh/licensing.

Source

This file mirrors the canonical source in the private deny.sh monorepo. Releases are tagged from there.