Security for the AI Era

Secure Your MCP Servers

Comprehensive security scanning and runtime protection for Model Context Protocol servers. Detect vulnerabilities, prevent prompt injection attacks, and identify malicious tools before they compromise your AI systems.

Get Started View on GitHub View on Smithery

Security Tools

100%

Open Source

MIT

License

Comprehensive Security Analysis

Three powerful tools to protect your MCP infrastructure

🔍

Vulnerability Scanning

Scan MCP packages for security vulnerabilities, dangerous code patterns, and CVE exposures. Analyze dependencies and calculate comprehensive risk scores.

NPM package analysis
CVE database lookup
Dangerous pattern detection
Dependency tree scanning

🛡️

Prompt Injection Detection

Analyze tool descriptions and prompts for injection attacks. Detect instruction overrides, role manipulation, and system prompt extraction attempts.

Instruction injection patterns
Role manipulation detection
System prompt extraction
Delimiter injection checks

⚠️

Tool Poisoning Prevention

Identify malicious, misleading, or shadowing tools. Detect typosquatting, name-description mismatches, and suspicious reassurance language.

Name shadowing detection
Typosquatting analysis
Semantic mismatch detection
Suspicious language patterns

Get Started in Seconds

Choose your deployment method

1 Claude Code Plugin (Easiest!)

Install as a Claude Code skill - automatic security scanning when you ask

# Install plugin
/plugin marketplace add mcp-fortress/mcp-fortress
/plugin install mcp-fortress

# Authenticate (opens browser)
/mcp

Now just ask: "Is @modelcontextprotocol/server-github safe?" 🎉

2 Remote Server

Connect to our hosted server instantly - no installation required

{
  "mcpServers": {
    "mcp-fortress": {
      "url": "https://server.smithery.ai/@mcp-fortress/mcp-fortress-server/mcp"
    }
  }
}

Add to claude_desktop_config.json and restart Claude Desktop

3 Local Installation

Run MCP Fortress locally with full control

# Install globally
npm install -g mcp-fortress

# Configure Claude Desktop
{
  "mcpServers": {
    "mcp-fortress": {
      "command": "mcp-fortress",
      "args": ["serve-mcp"]
    }
  }
}

Available on npm and the MCP Registry

New

Use with Claude Code

Install MCP Fortress as a Claude Code skill for autonomous security scanning

🤖

Autonomous Activation

No slash commands needed. Claude automatically uses MCP Fortress when you ask about MCP server security.

💬

Natural Language

Just ask "Is this MCP server safe?" and get comprehensive security analysis in plain English.

⚡

One Command Install

Install from the marketplace in seconds, no manual file copying required.

Installation

# Add the marketplace
/plugin marketplace add mcp-fortress/mcp-fortress

# Install the skill
/plugin install mcp-fortress

One-time authentication required: After installation, run /mcp and authenticate with Smithery (opens in browser). Takes 30 seconds. The MCP server is automatically included!

Example Usage

You: Is @modelcontextprotocol/server-github safe to install?

Claude (using MCP Fortress):

Security Scan Results: @modelcontextprotocol/server-github

✅ Overall Safety: SAFE
📊 Risk Score: 0/100

Summary:
• 0 critical threats
• 0 CVE vulnerabilities
• 9 dependencies scanned

Recommendation: APPROVE - This package is safe to install.

View Skill Documentation Browse Claude Code Marketplace

Built for Security-Conscious Teams

👨‍💻

For Developers

Scan MCP servers before installation. Verify package integrity and detect malicious code during development.

🏢

For Enterprises

Enforce security policies across your organization. Audit MCP servers and maintain compliance standards.

🔬

For Researchers

Analyze MCP security patterns. Study prompt injection techniques and contribute to AI safety research.