Secure.MCP

calumjs/Secure.MCP


Secure-MCP is a Python-based server that enhances the security of MCP tool calls by integrating LLM-based risk analysis and user confirmation for high-risk operations.

Secure MCP Wrapper Server

Secure-MCP is a Python MCP server that wraps an arbitrary upstream MCP server and adds:

  • LLM-based risk analysis of tool calls
  • Prompt-conditioned tool filtering
  • Simple user confirmation for suspicious operations

Features

  • Connects to another MCP server (stdio command or SSE URL)
  • Intercepts tool discovery and invocation
  • Uses an LLM to score risk and filter tools
  • Asks the user to confirm before proceeding when risk is high

Install

pip install -e .

Configuration

Create a .env or use environment variables:

  • SECURE_MCP_API_KEY: API key for your LLM provider
  • SECURE_MCP_LLM_MODEL: Model name (e.g., gpt-4.1)
  • SECURE_MCP_SYSTEM_PROMPT: System policy prompt for filtering and risk assessment
  • SECURE_MCP_UPSTREAM_CMD: Command to launch upstream MCP server (stdio)
  • SECURE_MCP_UPSTREAM_ARGS: Optional JSON array of args for the upstream command

Alternatively, provide a YAML config file and pass --config path.yaml.
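The following is an added example, not Secure.MCP's own code, showing how the settings listed above can be resolved and validated before the wrapper starts. It assumes that environment variables take precedence over the config file and that the YAML file uses the same names without the `SECURE_MCP_` prefix, lower-cased (`api_key`, `llm_model`, ...); parsing the YAML itself (for example with `yaml.safe_load`) is left to the caller so the snippet runs with the standard library only. `SECURE_MCP_UPSTREAM_ARGS` is accepted only as a JSON array of strings, and the `redacted` helper gives a loggable view that never exposes the provider key.

```python
"""Added example (not Secure.MCP's own code): resolve and validate the
wrapper settings. Env vars beat the config file (assumed rule); the file is
passed in already parsed so no third-party package is needed."""
import json
from dataclasses import asdict, dataclass
from typing import Any, Mapping, Optional

ENV_PREFIX = "SECURE_MCP_"
# Assumed config-file keys: the env names without the prefix, lower-cased.
KEYS = ("api_key", "llm_model", "system_prompt", "upstream_cmd", "upstream_args")


class ConfigError(ValueError):
    """Raised for missing or malformed settings; the wrapper should not start."""


@dataclass(frozen=True)
class WrapperConfig:
    api_key: str
    llm_model: str
    system_prompt: str
    upstream_cmd: str
    upstream_args: tuple[str, ...]


def parse_upstream_args(raw: Optional[str]) -> tuple[str, ...]:
    """SECURE_MCP_UPSTREAM_ARGS is an optional JSON array; reject anything
    else so a bare string is never turned into a command line by guesswork."""
    if raw is None or not raw.strip():
        return ()
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ConfigError(f"upstream args must be a JSON array: {exc.msg}") from exc
    if not isinstance(value, list) or not all(isinstance(a, str) for a in value):
        raise ConfigError("upstream args must be a JSON array of strings")
    return tuple(value)


def load_config(env: Mapping[str, str],
                file_cfg: Optional[Mapping[str, Any]] = None) -> WrapperConfig:
    """Merge env and file settings; every setting except upstream_args is required."""
    file_cfg = dict(file_cfg or {})
    resolved: dict[str, Any] = {}
    for key in KEYS:
        env_name = ENV_PREFIX + key.upper()
        env_val = env.get(env_name)
        if key == "upstream_args":
            if env_val is not None:
                resolved[key] = parse_upstream_args(env_val)
            else:
                file_val = file_cfg.get(key, [])
                if not isinstance(file_val, list) or not all(isinstance(a, str) for a in file_val):
                    raise ConfigError("upstream_args in the config file must be a list of strings")
                resolved[key] = tuple(file_val)
            continue
        val = env_val if env_val is not None else file_cfg.get(key)
        if val is None or not str(val).strip():
            raise ConfigError(f"missing setting: {env_name} (or '{key}' in the config file)")
        resolved[key] = str(val)
    return WrapperConfig(**resolved)


def redacted(cfg: WrapperConfig) -> dict[str, Any]:
    """Dict form that is safe to log: the provider API key is masked."""
    out = asdict(cfg)
    out["api_key"] = "<redacted>"
    return out


if __name__ == "__main__":
    # Constructed sample environment, mirroring the variables documented above.
    sample_env = {
        "SECURE_MCP_API_KEY": "sk-constructed-sample",
        "SECURE_MCP_LLM_MODEL": "gpt-4.1",
        "SECURE_MCP_SYSTEM_PROMPT": "Only allow read-only tools; block writes unless confirmed.",
        "SECURE_MCP_UPSTREAM_CMD": "uvx",
        "SECURE_MCP_UPSTREAM_ARGS": '["mcp-server-fetch"]',
    }
    print(redacted(load_config(sample_env)))
```

A malformed `SECURE_MCP_UPSTREAM_ARGS` (for example the bare string `mcp-server-fetch` instead of `["mcp-server-fetch"]`) raises `ConfigError` rather than being silently coerced, which keeps the upstream command line exactly what the operator wrote.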

Usage

secure-mcp --upstream-cmd "uvx" --upstream-args '["mcp-server-fetch"]' \
  --system-prompt "Only allow read-only tools; block writes unless confirmed." \
  --model gpt-4.1

This runs a wrapper server that connects to the target server, filters listed tools per the system prompt, and intercepts tool calls with LLM-based checks. If a call is suspicious, it asks you: "Proceed? (y/N)".
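The gate described above, as an added example that is not part of Secure.MCP's own code: an in-process model of how a wrapper can sit between the host and the upstream tools. The LLM risk scorer is replaced by a pluggable, deterministic keyword scorer (constructed heuristics, not the project's prompt), the "Proceed? (y/N)" prompt by a callback, and the `read_only` flag on each tool is an assumed annotation. The policy mirrors the sample system prompt: hidden tools are never exposed, write tools always ask, read-only tools ask only when their score reaches the threshold, and a scorer failure (an LLM or API error) denies the call rather than letting it through.

```python
"""Added example (not Secure.MCP's own code): an offline model of the
wrapper's gate over tool discovery and invocation."""
from dataclasses import dataclass
from typing import Callable, Iterable, Mapping


@dataclass(frozen=True)
class Tool:
    name: str
    description: str
    read_only: bool  # assumed: the wrapper knows which upstream tools only read


@dataclass(frozen=True)
class Decision:
    allowed: bool
    score: float
    reason: str


# Scorer contract: 0.0 (benign) .. 1.0 (dangerous). Secure-MCP asks an LLM;
# keyword_scorer below is a constructed, deterministic stand-in for it.
RiskScorer = Callable[[Tool, Mapping[str, object]], float]
Confirm = Callable[[str], bool]


def keyword_scorer(tool: Tool, args: Mapping[str, object]) -> float:
    text = " ".join([tool.name, tool.description, *map(str, args.values())]).lower()
    score = 0.0 if tool.read_only else 0.5
    for needle, weight in (("delete", 0.4), ("secret", 0.4), ("/etc/", 0.3)):
        if needle in text:
            score = min(1.0, score + weight)
    return score


class ToolGate:
    """Sits between the host and the upstream server's tools."""

    def __init__(self, tools: Iterable[Tool], scorer: RiskScorer, confirm: Confirm,
                 threshold: float = 0.7, hidden: Iterable[str] = ()) -> None:
        self.tools = {t.name: t for t in tools}
        self.scorer = scorer
        self.confirm = confirm
        self.threshold = threshold
        self.hidden = set(hidden)  # tool names the policy never exposes

    def list_tools(self) -> list[Tool]:
        """Tool discovery: the filtered view the host gets to see."""
        return [t for name, t in self.tools.items() if name not in self.hidden]

    def call(self, name: str, args: Mapping[str, object]) -> Decision:
        """Tool invocation: deny, allow, or ask; fail closed if scoring breaks."""
        tool = self.tools.get(name)
        if tool is None or name in self.hidden:
            return Decision(False, 1.0, "tool not exposed by policy")
        try:
            score = float(self.scorer(tool, args))
        except Exception as exc:  # a scorer outage must never become an allow
            return Decision(False, 1.0, f"scorer failed, failing closed: {exc}")
        # "block writes unless confirmed": writes always ask, reads only when risky
        if tool.read_only and score < self.threshold:
            return Decision(True, score, "read-only and below threshold")
        ok = self.confirm(f"{name}({dict(args)}) risk={score:.2f}. Proceed? (y/N)")
        return Decision(ok, score, "user confirmed" if ok else "user declined")


# Constructed sample tools standing in for an upstream server's tool list.
SAMPLE_TOOLS = [
    Tool("fetch", "Fetch a URL and return its content", read_only=True),
    Tool("write_file", "Write content to a path", read_only=False),
    Tool("shell_exec", "Run a shell command", read_only=False),
]


def run_demo(answer: bool) -> list[Decision]:
    """Exercise the gate with a scripted confirmation answer; returns the decisions."""
    gate = ToolGate(SAMPLE_TOOLS, keyword_scorer, confirm=lambda prompt: answer,
                    hidden=["shell_exec"])
    return [
        gate.call("fetch", {"url": "https://example.com"}),
        gate.call("fetch", {"url": "https://example.com/admin/delete?secret=1"}),
        gate.call("write_file", {"path": "/tmp/out.txt", "content": "x"}),
        gate.call("shell_exec", {"cmd": "echo hi"}),
    ]


if __name__ == "__main__":
    for decision in run_demo(answer=False):
        print(decision)
```

Replacing `keyword_scorer` with a function that calls the configured model gives the same control flow as the wrapper: the only paths to an allowed write go through the confirmation callback, and a scorer exception is a denial, not a pass.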

Run via uvx (no local install)

  • From GitHub .zip archive (no Git required):

    uvx --from "https://github.com/calumjs/Secure.MCP/archive/refs/heads/main.zip" secure-mcp \
      --upstream-cmd "uvx" --upstream-args '["mcp-server-fetch"]'

  • From git+ URL (requires Git installed on PATH):

    uvx --from "git+https://github.com/calumjs/Secure.MCP@main" secure-mcp \
      --upstream-cmd "uvx" --upstream-args '["mcp-server-fetch"]'

Claude Desktop config example

Put into your claude_desktop_config.json:

{
  "mcpServers": {
    "secure-mcp": {
      "command": "uvx",
      "args": [
        "--from",
        "https://github.com/calumjs/Secure.MCP/archive/refs/heads/main.zip",
        "secure-mcp"
      ],
      "env": {
        "SECURE_MCP_API_KEY": "YOUR_API_KEY",
        "SECURE_MCP_LLM_MODEL": "gpt-4.1",
        "SECURE_MCP_SYSTEM_PROMPT": "Only allow read-only tools; block writes unless confirmed.",
        "SECURE_MCP_UPSTREAM_CMD": "uvx",
        "SECURE_MCP_UPSTREAM_ARGS": "[\"mcp-server-fetch\"]"
      }
    }
  }
}

Notes

  • This project starts with a simple CLI confirmation. Integrate a UI-specific confirmation mechanism if embedding in a host.
  • You can swap the LLM provider by adjusting the llm.py client.

License

MIT