How are you intercepting the huge variety of network calls and range of protocols that a local MCP service can make? Are you between the client and process? Or do you only support remote MCP?
OK well since OP isn't replying, [Edit: Author replied] it looks like they're using a wrapper process for local MCP servers and a proxy for remote, and you have to modify your MCP config to reference the local wrapper or proxy so it can intercept requests.
In the video example, the 'bad guy' tried to get the MCP server to read ~/.ssh/id_rsa and post it to the attacker site. The MCP Defender popup balked just at it trying to read a suspicious file, so it didn't get to the point of making the network connection. It was unclear whether just getting it to ping a remote server with something less shocking than your private keys, such as, for instance, source code or environment variables in the current project, would also be treated as malicious.
With the default signatures, source code would not be treated as malicious. However, you can add custom signatures and detect whatever you'd like. We'll soon be adding deterministic rules as well to complement the LLM based ones.
MCP Defender sits between the MCP client and server. If you use Cursor for example, MCP Defender rewrites your Cursor MCP config file so that all MCP servers point to the MCP Defender proxy. So the tool calls are scanned before they make it to the server. The responses from the servers are also scanned although this is configurable (disabling it speeds up scans).
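As an added illustration of the architecture described in these replies (this is example code, not MCP Defender's own code; the signature format, the proxy's command-line convention and the config-rewriting layout are assumptions of the example), here is a minimal stdio MCP proxy in Python. It rewrites a Cursor/Claude Desktop style `mcpServers` config so each server entry launches the proxy, which launches the real server; every `tools/call` request is matched against deterministic signatures before being forwarded. A read of `~/.ssh/id_rsa` like the one in the video is blocked with a JSON-RPC error, while a read of project source code passes, matching the statement above that default signatures do not treat source code as malicious. Only the deterministic-rule side is shown; the LLM-based scan the author describes is not reproduced here.

```python
import json
import re
import subprocess
import sys
from typing import Callable, Iterator, Optional

# Constructed deterministic signatures (an illustrative format, not MCP
# Defender's real signature format). Each is (name, regex over tool arguments).
DEFAULT_SIGNATURES = [
    ("ssh-private-key", re.compile(r"(^|/)\.ssh/id_(rsa|ed25519|ecdsa|dsa)$")),
    ("dotenv-file", re.compile(r"(^|/)\.env(\.[A-Za-z0-9_-]+)?$")),
    ("aws-credentials", re.compile(r"(^|/)\.aws/credentials$")),
]


def rewrite_mcp_config(config: dict, proxy_command: str) -> dict:
    """Rewrite an mcpServers config so every entry launches the proxy.

    The original command/args are passed to the proxy after a hypothetical
    --upstream-command flag and a '--' separator; that CLI convention is this
    example's own, not MCP Defender's.
    """
    rewritten = {"mcpServers": {}}
    for name, spec in config.get("mcpServers", {}).items():
        entry = {
            "command": proxy_command,
            "args": ["--upstream-command", spec["command"], "--", *spec.get("args", [])],
        }
        if "env" in spec:
            entry["env"] = spec["env"]  # keep the server's environment intact
        rewritten["mcpServers"][name] = entry
    return rewritten


def _strings(value) -> Iterator[str]:
    """Yield every string nested anywhere inside a JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def scan_tool_call(message: dict, signatures=DEFAULT_SIGNATURES) -> list:
    """Return the names of signatures matched by a tools/call request.

    Other JSON-RPC methods (initialize, tools/list, ...) are not scanned.
    """
    if message.get("method") != "tools/call":
        return []
    arguments = message.get("params", {}).get("arguments", {})
    return [name for name, pattern in signatures
            if any(pattern.search(s) for s in _strings(arguments))]


def handle_request(message: dict, forward: Callable[[dict], Optional[dict]],
                   signatures=DEFAULT_SIGNATURES) -> Optional[dict]:
    """Block a matching request with a JSON-RPC error instead of forwarding it."""
    hits = scan_tool_call(message, signatures)
    if hits:
        return {
            "jsonrpc": "2.0",
            "id": message.get("id"),
            "error": {"code": -32000,
                      "message": "blocked by proxy: matched " + ", ".join(hits)},
        }
    return forward(message)


def run_stdio_proxy(upstream_cmd: list) -> None:
    """Relay newline-delimited JSON-RPC between the client (our stdin/stdout)
    and the real server (a child process), scanning each request first.

    Simplification: one response line is read per request; unsolicited
    server-to-client notifications are not handled.
    """
    upstream = subprocess.Popen(upstream_cmd, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE, text=True, bufsize=1)

    def forward(msg: dict) -> Optional[dict]:
        upstream.stdin.write(json.dumps(msg) + "\n")
        upstream.stdin.flush()
        if "id" not in msg:          # a notification: nothing comes back
            return None
        return json.loads(upstream.stdout.readline())

    for line in sys.stdin:
        if not line.strip():
            continue
        response = handle_request(json.loads(line), forward)
        if response is not None:
            sys.stdout.write(json.dumps(response) + "\n")
            sys.stdout.flush()


if __name__ == "__main__":
    # Usage (hypothetical CLI): proxy.py --upstream-command CMD -- ARGS...
    argv = sys.argv[1:]
    sep = argv.index("--")
    run_stdio_proxy([argv[argv.index("--upstream-command") + 1], *argv[sep + 1:]])
```

The response scanning the author mentions (configurable, and slower) would go in `forward` after `readline()`, applying signatures to the server's `result` content the same way `scan_tool_call` applies them to request arguments.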
Ah thanks. Sorry I didn't see your reply before I posted the analysis. I'll leave it. Thanks for the reply. Congrats on the project. Seems like a legit need.
I guess it depends if you want to restrict an agent to a set of protocols or let it go wild.
I think in most use cases an agent would need just HTTPS and DNS, both of which can be MITM monitored. In some other cases maybe also one or more of SSH, Redis, MySQL, Postgres etc.
But YOLOing and letting it connect to anything is probably not needed.
Thanks for your comment - MCP Defender sits between the MCP client and server, it doesn't need to worry about the protocols that the server communicates with to other services.
Claude artifact based on Sonnet 4 analyzing the code with github MCP.
https://claude.ai/public/artifacts/30b92814-c4d2-4cb5-b08e-4...