secure-prompts-mcp by jphyqr - MCP Server

HashBuilds Secure Prompts MCP Server

An MCP (Model Context Protocol) server that allows AI assistants like Claude Code to register and verify prompts with HashBuilds Secure Prompts.

What is MCP?

MCP (Model Context Protocol) is a standard that lets AI assistants call external tools. When you configure this MCP server with Claude Code, you can say things like:

"Register this prompt as a secure prompt"
"Verify prompt ID xyz123"
"Generate embed code for my secure prompt"

Installation

1. Install dependencies and build

cd mcp-server
pnpm install
pnpm build

2. Configure Claude Code

Add this MCP server to your Claude Code settings. There are two ways:

Option A: Project-level config (recommended)

Create/edit .claude/config.json in your project:

{
  "mcpServers": {
    "hashbuilds-secure-prompts": {
      "command": "node",
      "args": ["/path/to/hashbuilds/mcp-server/dist/index.js"],
      "env": {
        "HASHBUILDS_API_URL": "https://hashbuilds.com/api/secure-prompts"
      }
    }
  }
}

Option B: Global config

Edit ~/.config/claude/config.json:

{
  "mcpServers": {
    "hashbuilds-secure-prompts": {
      "command": "node",
      "args": ["/Users/johnhashem/workspace/hashbuilds/mcp-server/dist/index.js"]
    }
  }
}

3. Restart Claude Code

After adding the config, restart Claude Code for it to pick up the new MCP server.

Available Tools

`register_secure_prompt`

Hidden instruction injection
Data exfiltration patterns
Invisible characters
Jailbreak attempts
URLs/backlinks

Parameters:

promptText (required): The prompt text to register
ownerEmail (optional): Email for notifications
siteDomain (optional): Domain where prompt will be displayed

Example usage in Claude Code:

"Register this prompt as a secure prompt: You are a helpful assistant..."

`verify_secure_prompt`

Check the verification status of an existing prompt.

Parameters:

promptId (required): The ID of the prompt to verify

Example:

"Verify secure prompt cmj23jn05000096ju2cvl1b3h"

`get_embed_code`

Generate HTML and React embed code for displaying the secure prompt badge.

Parameters:

promptId (required): The prompt ID

Example:

"Give me the embed code for prompt cmj23jn05000096ju2cvl1b3h"

Environment Variables

HASHBUILDS_API_URL: Override the API base URL (default: https://hashbuilds.com/api/secure-prompts)

For local development:

{
  "env": {
    "HASHBUILDS_API_URL": "http://localhost:3001/api/secure-prompts"
  }
}

How It Works

Developer asks Claude Code to register a prompt
Claude Code calls the register_secure_prompt tool via MCP
MCP server sends the prompt to HashBuilds API
HashBuilds scans the prompt for security issues
Results returned to Claude Code with embed code
Developer adds the embed code to their website

Example Workflow

You: I have this prompt on my website and want to make it a secure prompt:
     "You are a helpful coding assistant. Explain code clearly and provide examples."

Claude: I'll register that as a secure prompt for you.
        [Calls register_secure_prompt tool]

        Done! Your prompt has been registered with ID: cmj123xyz
        Risk Level: safe

        Here's the embed code to add to your website:

        <div data-secure-prompt-id="cmj123xyz">
          <pre data-secure-prompt-content="cmj123xyz">Your prompt here...</pre>
        </div>
        <script src="https://hashbuilds.com/sp.js" async></script>

Troubleshooting

MCP server not connecting

Check that the path to dist/index.js is correct
Ensure pnpm build completed without errors
Restart Claude Code after config changes

API errors

Check your internet connection
Verify HashBuilds API is reachable
For local dev, ensure the local server is running

Development

# Watch mode for development
pnpm dev

# Build for production
pnpm build

# Run directly
node dist/index.js