MCP-Dandan

v1.0.0 • Security • stable

Real-time security framework for MCP servers that detects and blocks malicious AI agent behavior by analyzing tool call patterns and intent across multiple threat detection engines.

ai-security, ai-security-tool, ai-tools, awesome-lists, mcp
Stars: 63
Downloads: 0
Weekly: 0

What is MCP-Dandan?

MCP-Dandan is a Model Context Protocol (MCP) server for AI assistants like Claude, Cursor, and VS Code: a real-time security framework for MCP servers that detects and blocks malicious AI agent behavior by analyzing tool call patterns and intent across multiple threat detection engines.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Real-time security framework for MCP servers t

Use Cases

  • Real-time AI agent behavior detection
  • Block malicious tool calls and unsafe actions

Maintainer: 82ch

License: MIT License
Language: Python
Version: v1.0.0
Updated: Apr 12, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx mcp-dandan

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use MCP-Dandan

MCP-Dandan is a real-time security gateway for MCP deployments that sits between your AI agent and MCP tools, monitoring every tool call for malicious patterns across five detection engines: command injection, file system exposure, PII leakage, data exfiltration, and LLM-based tools poisoning. It provides a desktop dashboard for live threat monitoring and user-controlled blocking, making it suitable for teams running AI agents in sensitive or production environments where uncontrolled tool access poses a security risk. The framework assigns alignment scores to tool usage and auto-categorises threat severity from none through low, medium, and high.

Prerequisites

  • Node.js 18+ and npm installed
  • Git to clone the repository
  • Mistral API key (required to enable the LLM-based Tools Poisoning detection engine)
  • An MCP-compatible client or agent setup that routes tool calls through this gateway
  • Cross-platform desktop support: Windows, macOS, or Linux

1. Clone the repository

Clone the MCP-Dandan repository to your local machine. The project is not published to npm or PyPI and must be run from source.

git clone https://github.com/82ch/MCP-Dandan.git
cd MCP-Dandan

2. Install all dependencies

Run the combined install script that sets up dependencies for all parts of the project: the gateway server, the Electron desktop dashboard, and any supporting modules.

npm run install-all

3. Configure your Mistral API key

The Tools Poisoning detection engine requires a Mistral API key for LLM-based semantic analysis. You can set this as an environment variable or enter it in the desktop settings panel after launch.

export MISTRAL_API_KEY=your_mistral_api_key_here

4. Start the development server and dashboard

Launch MCP-Dandan in development mode. The gateway starts on http://127.0.0.1:8282 and the Electron desktop dashboard opens automatically for monitoring and configuration.

npm run dev

5. Configure detection engines in the dashboard

Use the desktop settings panel to toggle individual detection engines on or off, add custom PII detection rules, and set response actions (block or alert) for each threat category.

6. Route your MCP agent traffic through the gateway

Point your MCP client or AI agent at the Dandan gateway endpoint (http://127.0.0.1:8282) instead of directly at your MCP tools server. All tool calls will be inspected before being forwarded.

MCP-Dandan Examples

Client configuration

Example showing how to point an MCP client at the MCP-Dandan security gateway instead of a tool server directly.

{
  "mcpServers": {
    "secured-tools": {
      "command": "node",
      "args": ["/path/to/MCP-Dandan/gateway/index.js"],
      "env": {
        "MISTRAL_API_KEY": "your_mistral_api_key_here"
      }
    }
  }
}

Prompts to try

These prompts describe what you can observe and manage using the MCP-Dandan desktop dashboard.

- "Show me the real-time security alerts from my AI agent's tool calls"
- "What PII patterns should I add to monitor for credit card numbers in tool outputs?"
- "Explain what a tool call alignment score of 45 means for my agent"
- "Block all tool calls flagged as high severity automatically"

Troubleshooting MCP-Dandan

Tools Poisoning engine not activating

This engine requires the MISTRAL_API_KEY environment variable to be set, or the API key to be entered in the dashboard settings panel. Without it, the LLM-based detection is disabled while other engines continue to function.

Gateway not intercepting tool calls

Ensure your MCP client is configured to connect to the gateway at http://127.0.0.1:8282, not directly to the downstream tool server. Check that npm run dev is running and the gateway port is not blocked by a firewall.

Electron dashboard fails to open

Run `npm run install-all` again to ensure the Electron desktop dependencies are fully installed. On Linux, you may need additional system libraries for Electron; check the output of npm run dev for missing dependency errors.

Frequently Asked Questions about MCP-Dandan

What is MCP-Dandan?

MCP-Dandan is a Model Context Protocol (MCP) server that provides a real-time security framework for MCP servers, detecting and blocking malicious AI agent behavior by analyzing tool call patterns and intent across multiple threat detection engines. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP-Dandan?

Follow the installation instructions on the MCP-Dandan GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP-Dandan?

MCP-Dandan works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP-Dandan free to use?

Yes, MCP-Dandan is open source and available under the MIT License. You can use it freely in both personal and commercial projects.

MCP-Dandan Alternatives: Similar Security Servers

Looking for alternatives to MCP-Dandan? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

★ 13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

★ 9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

★ 8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

★ 8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

★ 6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

★ 5.1k

hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Quick Config Preview

{
  "mcpServers": {
    "mcp-dandan": {
      "command": "npx",
      "args": ["-y", "mcp-dandan"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
