MCP Armor
MCP Armor continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.
What is MCP Armor?
MCP Armor is a Model Context Protocol (MCP) server that AI assistants such as Claude, Cursor, and VS Code can connect to. It continuously secures and monitors MCP operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- MCP Armor continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.
Installation
Manual Installation
npx mcp-armor
How to Set Up and Use MCP Armor
MCP Armor is a local security scanner for Model Context Protocol deployments that performs both static and dynamic analysis of MCP server configurations to detect vulnerabilities in agent-to-tool communications. It can identify prompt injection risks, rug pull attacks, cross-server tool shadowing, tool poisoning, command injection vulnerabilities, hardcoded secrets, and baseline drift from unauthorized changes. Security engineers and teams running multi-server MCP deployments can use MCP Armor to audit their configurations before deploying AI agents or to continuously monitor for unexpected changes.
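As an added illustration of what the baseline-drift and cross-server-shadowing checks described above look like in practice (example code, not MCP Armor's own; the baseline format, the sample tool listings and the function names are assumptions made for this example):

```python
import hashlib
import json

# Constructed sample: a baseline captured earlier and a later listing of the same
# servers. The format (server -> tools with name, description, schema) is an
# assumption for this illustration, not MCP Armor's own baseline schema.
BASELINE = {
    "filesystem": [
        {"name": "read_file", "description": "Read a file.", "schema": {"path": "string"}},
        {"name": "list_dir", "description": "List a directory.", "schema": {"path": "string"}},
    ],
    "github": [
        {"name": "create_issue", "description": "Open an issue.", "schema": {"title": "string"}},
    ],
}
# Re-inspected later: read_file's description changed after approval (the rug pull
# pattern), delete_file appeared, and a new server exposes its own read_file.
CURRENT = {
    "filesystem": [
        {"name": "read_file", "description": "Read a file and summarize it.", "schema": {"path": "string"}},
        {"name": "list_dir", "description": "List a directory.", "schema": {"path": "string"}},
        {"name": "delete_file", "description": "Delete a file.", "schema": {"path": "string"}},
    ],
    "github": BASELINE["github"],
    "notes": [{"name": "read_file", "description": "Read a note.", "schema": {"id": "string"}}],
}

def fingerprint(tool):
    """Stable hash over name, description and schema, so any edit is detected."""
    return hashlib.sha256(json.dumps(tool, sort_keys=True).encode()).hexdigest()

def index(listing):
    return {(srv, t["name"]): fingerprint(t) for srv, tools in listing.items() for t in tools}

def detect_drift(baseline, current):
    """Sorted (kind, server, tool) tuples for tools added, removed or changed since baseline."""
    base, cur = index(baseline), index(current)
    findings = [("added",) + k for k in cur.keys() - base.keys()]
    findings += [("removed",) + k for k in base.keys() - cur.keys()]
    findings += [("changed",) + k for k in cur.keys() & base.keys() if cur[k] != base[k]]
    return sorted(findings)

def detect_shadowing(listing):
    """Tool names exposed by more than one server (cross-server shadowing), with the servers."""
    owners = {}
    for srv, tools in listing.items():
        for t in tools:
            owners.setdefault(t["name"], []).append(srv)
    return {name: sorted(srvs) for name, srvs in owners.items() if len(srvs) > 1}
```

A "changed" finding on an already-approved tool is the signal to re-review its description before refreshing the baseline, which is why the troubleshooting advice below says to re-run inspect only after confirming the tools are safe.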
Prerequisites
- Python 3.9+ and pip installed
- One or more MCP server configuration files (e.g., claude_desktop_config.json or similar) to scan
- MCP Armor runs entirely locally — no cloud account or API key is required
- An MCP-compatible client if you want to expose MCP Armor as an MCP tool itself (optional)
Install MCP Armor via pip
Install the mcp-armor package from PyPI. A virtual environment is recommended to isolate dependencies.
python3 -m venv .venv
source .venv/bin/activate
pip install mcp-armor
Create a baseline of your current MCP configuration
Run the inspect command to catalog all tools, resources, and prompts currently exposed by your MCP servers. This creates a baseline file used for drift detection in subsequent scans.
mcp-armor inspect --config ~/.config/Claude/claude_desktop_config.json --baseline ./mcp-baseline.json
Run a security scan against your configuration
Run the scan command to perform static security analysis. MCP Armor checks for prompt injection, tool poisoning, cross-server shadowing, hardcoded secrets, and command injection vulnerabilities.
mcp-armor scan --config ~/.config/Claude/claude_desktop_config.json --baseline ./mcp-baseline.json --report-type md --output ./mcp-security-report.md
Review the security report
Open the generated report file (Markdown or JSON format). Each finding includes the vulnerability type, affected tool or resource, severity, and recommended remediation steps.
# View the markdown report
cat ./mcp-security-report.md
Integrate into CI or run periodically
Add MCP Armor to your CI pipeline or run it on a schedule to detect drift from the baseline. Use --verbose for detailed terminal output during automated runs.
mcp-armor scan --config ./claude_desktop_config.json --baseline ./mcp-baseline.json --report-type json --output ./report.json --verbose
MCP Armor Examples
Client configuration
Example MCP Armor scan command covering multiple MCP config files simultaneously, outputting a JSON report for automated processing.
{
  "mcpServers": {
    "mcp-armor": {
      "command": "mcp-armor",
      "args": [
        "scan",
        "--config", "/path/to/claude_desktop_config.json",
        "--baseline", "/path/to/mcp-baseline.json",
        "--report-type", "json",
        "--output", "/path/to/report.json"
      ]
    }
  }
}
Prompts to try
CLI commands and use cases to explore MCP Armor's security scanning capabilities.
- mcp-armor inspect --config claude_desktop_config.json --baseline baseline.json
- mcp-armor scan --config claude_desktop_config.json --baseline baseline.json --report-type md
- mcp-armor scan --config config1.json --config config2.json --verbose
- mcp-armor scan --config claude_desktop_config.json --show-logs
- Review the report for 'Prompt Injection' and 'Tool Poisoning' findings
- Compare two baseline files to identify configuration drift over time
Troubleshooting MCP Armor
mcp-armor command not found after pip install
Ensure the virtual environment is activated with 'source .venv/bin/activate' before running mcp-armor. Alternatively, install with 'pip install --user mcp-armor' and ensure ~/.local/bin is in your PATH.
Inspect or scan fails with 'config file not found' error
Provide the absolute path to your MCP configuration file with the --config flag. For Claude Desktop on macOS, the config is at '~/Library/Application Support/Claude/claude_desktop_config.json'. Use 'ls' to verify the file exists before running the scan.
Scan reports false positives for known-safe tools
Update your baseline file by re-running 'mcp-armor inspect' after reviewing and confirming the tools are safe. The drift detection compares against the baseline, so an up-to-date baseline reduces false drift alerts in subsequent scans.
Frequently Asked Questions about MCP Armor
What is MCP Armor?
MCP Armor is a Model Context Protocol (MCP) server that continuously secures and monitors MCP operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Armor?
Follow the installation instructions on the MCP Armor GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Armor?
MCP Armor works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Armor free to use?
Yes, MCP Armor is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
MCP Armor Alternatives — Similar Security Servers
Looking for alternatives to MCP Armor? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor (★ 13.6k): An open-source Agent-first Identity and Access Management (IAM) / LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP (★ 9.0k): A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI (★ 8.9k): HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP (★ 8.7k): Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills (★ 6.6k): 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker (★ 5.1k): hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u