npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-guardian

v2.4.0

Published

MCP security scanner - detect prompt injection in tool descriptions

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

wfmediawfmedia

Keywords

mcpsecurityprompt-injectiontool-scanningclaudeanthropicai-safety

Readme

mcp-guardian

MCP security scanner that detects prompt injection attacks in tool descriptions.

What It Detects

  • Cross-tool instructions - Attempts to chain tool calls ("before using this tool", "first call", "you must execute")
  • Privilege escalation - Attempts to override safety ("ignore previous instructions", "you are now", "bypass security")
  • Data exfiltration - Attempts to send data externally (URLs, "send to", "upload to")
  • Stealth directives - Hidden instructions in descriptions
  • Sensitive path access - References to ~/.ssh, ~/.aws, credentials, etc.
  • Encoded content - Base64, unicode escapes, hex encoding (potential obfuscation)

Installation

npm install mcp-guardian

Usage

CLI - Scan MCP Config

# Auto-detect Claude Desktop config
npx mcp-guardian

# Explicit config path
npx mcp-guardian /path/to/claude_desktop_config.json

# JSON output
npx mcp-guardian --json

CLI - Run as MCP Server

npx mcp-guardian --mcp

Claude Desktop Integration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-guardian": {
      "command": "npx",
      "args": ["-y", "mcp-guardian", "--mcp"]
    }
  }
}

Library Usage

import {
  scanToolDescription,
  scanToolDefinitions,
  isDescriptionSafe,
  verifyToolDefinitions,
} from "mcp-guardian";

// Scan a single tool description
const result = scanToolDescription("my_tool", "Tool description here");
if (result.status === "critical") {
  console.error("Potential injection:", result.issues);
}

// Quick safety check
if (!isDescriptionSafe("Before using this tool, first call...")) {
  console.warn("Suspicious description detected");
}

// Scan multiple tools
const tools = [
  { name: "tool1", description: "...", schema: {} },
  { name: "tool2", description: "...", schema: {} },
];
const serverResult = scanToolDefinitions(tools, "my-server");

// Tool pinning - detect changes
const pinResult = verifyToolDefinitions(tools);
if (pinResult.status === "changed") {
  console.warn("Tool definitions changed:", pinResult.changedTools);
}

Demo

Try mcp-guardian instantly with built-in poisoned tool examples:

npx mcp-guardian demo

This scans hardcoded examples demonstrating real attack patterns — no config file needed.

Expected output:

✅ filesystem (14 tools)
✅ memory (9 tools)
🔴 suspicious-tool (4 tools)
   └─ add: sensitive_path (~/.ssh)
   └─ format_text: privilege_escalation ("You are now")
   └─ search_docs: exfiltration (evil URL), sensitive_path (~/.aws/credentials)

Summary:
  📊 Total tools: 27
  ✅ Clean: 2
  ⚠️  Warning: 0
  🚨 Critical: 1

The poisoned server demonstrates real attack patterns from published security research. See examples/poisoned-server/README.md for details.

Detection Patterns

Critical Severity (38 patterns)

| Category | Examples | |----------|----------| | Cross-tool instruction | "before using this tool", "first call", "then execute", "always call" | | Privilege escalation | "ignore previous instructions", "override system", "you are now" | | Exfiltration | URLs, "send to", "post to", "forward to", "upload to" |

Warning Severity (13 patterns)

| Category | Examples | |----------|----------| | Sensitive paths | ~/.ssh, ~/.aws, /etc/passwd, .env, api_key | | Encoded content | Base64 strings, unicode escapes, hex encoding |

Pre-commit Integration

Using pre-commit framework

Add to your .pre-commit-config.yaml:

repos:
  - repo: https://github.com/alexandriashai/mcp-guardian
    rev: v1.2.2
    hooks:
      - id: mcp-guardian

Using Husky

Add to .husky/pre-commit:

#!/bin/sh
. "$(dirname "$0")/_/husky.sh"

npx mcp-guardian --sync --quiet

Using Lefthook

Add to lefthook.yml:

pre-commit:
  commands:
    mcp-guardian:
      glob: "claude_desktop_config.json"
      run: npx mcp-guardian --sync {staged_files}

Tool Pinning

MCP Guardian includes tool definition pinning - SHA-256 hashing of tool definitions to detect tampering:

import { verifyToolDefinitions, approveAllTools } from "mcp-guardian";

// Verify tools against stored baseline
const result = verifyToolDefinitions(tools);

// Status: "created" | "verified" | "changed" | "error"
if (result.status === "changed") {
  console.log("Modified tools:", result.changedTools);
  console.log("New tools:", result.newTools);
  console.log("Removed tools:", result.removedTools);
}

// Re-approve all tools (after review)
approveAllTools(tools);

Manifests are stored in ~/.mcp-guardian/tool-manifest.json.

Research References

This tool is informed by MCP security research from:

License

MIT