Get the FREE Ultimate OpenClaw Setup Guide →

MCP-Defender

Desktop app that automatically scans and blocks malicious MCP traffic in AI apps like Cursor, Claude, VS Code and Windsurf.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
Run in terminal:
View docs
Command
claude mcp add --transport stdio mcp-defender-mcp-defender node src/server.js \
  --env PORT="3000" \
  --env DEBUG="mcp-defender:*"

How to use

MCP Defender is a Node.js desktop service that sits in front of MCP traffic for AI apps, automatically proxying all MCP tool call requests and responses so they can be inspected by Defender's signatures. Once started, it continuously monitors traffic between your AI apps (like Cursor, Claude, VS Code, Windsurf) and MCP endpoints, checks the data against a signature set, and raises alerts or blocks suspicious tool calls according to your configuration. You can interact with Defender through its UI/CLI (as provided by the app) to review intercepted payloads, apply allow/block decisions, and customize signature rules. The tool aims to reduce risk by catching potentially harmful tool invocations before they reach the target application or external services. To use it, start the Defender server, ensure MCP clients are routed through the Defender proxy, and then rely on the built-in alerts and controls to manage tool calls in real time.

How to install

Prerequisites:

  • Node.js and npm installed on your system (v14+ recommended)
  • Git installed

Steps:

  1. Clone the repository git clone https://github.com/MCP-Defender/MCP-Defender.git cd MCP-Defender

  2. Install dependencies npm install

  3. Build or prepare the server if needed (depending on project setup) npm run build (if available)

  4. Run the Defender server npm start

  5. Verify the server is running Open http://localhost:3000 (or the port you configured) to access the Defender UI or check the console for startup logs.

Additional notes

Tips and common issues:

  • Ensure the PORT environment variable is not blocked by another service. Change PORT in the env section if needed.
  • If Defender encounters signature update issues, check network access for signature feeds and ensure you have the latest version of MCP Defender.
  • When integrating with MCP clients, route traffic through Defender's proxy as described in your deployment guide.
  • If the app fails to start, review npm install logs for missing native dependencies and rebuild as needed.
  • You can customize or expand the signature set to better fit your environment; refer to the signature documentation in the project for guidance.

Related MCP Servers

mcp-for-beginners

14.5k

This open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable, and secure AI workflows from session setup to service orchestration.

mcp-router

1.8k

A Unified MCP Server Management App (MCP Manager).

pluggedin-app

93

The Crossroads for AI Data Exchanges. A unified, self-hostable web interface for discovering, configuring, and managing Model Context Protocol (MCP) servers—bringing together AI tools, workspaces, prompts, and logs from multiple MCP sources (Claude, Cursor, etc.) under one roof.

dynamic-shell

41

Dynamic Shell Command MCP Server

mcp-libsql

19

Secure MCP server for libSQL databases with comprehensive tools, connection pooling, and transaction support. Built with TypeScript for Claude Desktop, Claude Code, Cursor, and other MCP clients.

mcp -zotero-dev

13

Give your AI assistant superpowers for Zotero plugin development. 25 tools for screenshots, DOM inspection, JavaScript execution, build integration, and debugging via Model Context Protocol.

Sponsor this space

Reach thousands of developers