Pipelock
Security proxy that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. Also provides an HTTP fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments.
What is Pipelock?
Pipelock is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to security proxy that wraps any mcp server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. also provides an http fetch proxy with a 9-layer scanner pi...
Security proxy that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. Also provides an HTTP fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Security proxy that wraps any MCP server with bidirectional
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx pipelockConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Pipelock
Pipelock is an AI agent security firewall written in Go that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool-description poisoning. It also operates as an HTTP forward proxy with an 11-layer scanner pipeline covering entropy analysis, SSRF protection, DNS rebinding prevention, and TLS interception — making it suitable for capability-separated agent deployments where untrusted tool results must be inspected before reaching the model. Security teams and platform engineers use Pipelock to add a defense-in-depth layer to Claude Code, Cline, Cursor, AutoGen, and other LLM agent frameworks without modifying the underlying tools.
Prerequisites
- Go 1.25+ (if building from source), or Homebrew/Docker for binary installation
- An existing MCP server or HTTP-based tool you want to protect
- An MCP client such as Claude Code, Cursor, or Cline
- No external API keys required for core scanning — enterprise multi-agent features require a Pipelock license
Install Pipelock
Install via Homebrew on macOS/Linux, pull the Docker image, or build from source. The Homebrew tap is the quickest path for local development.
# Homebrew (macOS/Linux):
brew install luckyPipewrench/tap/pipelock
# Docker:
docker pull ghcr.io/luckypipewrench/pipelock:latest
# From source (requires Go 1.25+):
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latestInitialize Pipelock and verify detection
Run pipelock init to perform auto-setup and verify that all scanners are operational. Then run a quick test to confirm credential blocking works.
pipelock init
pipelock check --url "https://evil.com/?k=SECRET"Generate a configuration file
Generate a starter configuration using one of three presets (audit, balanced, strict). You can also auto-discover project-specific patterns with pipelock audit.
pipelock generate config --preset balanced > pipelock.yaml
# Or auto-tune from your project:
pipelock audit ./project -o pipelock.yamlRun Pipelock as an MCP proxy
Start the Pipelock proxy in MCP mode to wrap your existing MCP server. Set the PIPELOCK_MCP_PROXY_URL environment variable to point your MCP client at Pipelock instead of the original server.
pipelock run --config pipelock.yaml --listen 0.0.0.0:8888
export PIPELOCK_MCP_PROXY_URL=http://localhost:8889/mcpConfigure your MCP client to use the Pipelock proxy
Update your MCP client configuration so that traffic flows through Pipelock before reaching the upstream MCP server. Also set HTTP_PROXY/HTTPS_PROXY for HTTP fetch interception.
Run security diagnostics
Use the built-in diagnostics tools to verify your setup, check enforcement status, and assess your overall security posture.
pipelock diagnose
pipelock doctor
pipelock assess init && pipelock assess runPipelock Examples
Client configuration
Claude Desktop configuration that routes MCP traffic through Pipelock's scanning proxy before it reaches an upstream filesystem MCP server.
{
"mcpServers": {
"pipelock-proxy": {
"command": "pipelock",
"args": ["run", "--config", "/path/to/pipelock.yaml", "--mode", "mcp"],
"env": {
"HTTPS_PROXY": "http://localhost:8888",
"HTTP_PROXY": "http://localhost:8888",
"PIPELOCK_MCP_PROXY_URL": "http://localhost:8889/mcp"
}
}
}
}Prompts to try
Once Pipelock is running, use these prompts to test its scanning behavior and review its audit log.
- "Show me the Pipelock activity log for the last hour"
- "Run the security posture assessment and summarize the findings"
- "Check if the URL https://internal-api.example.com is flagged for SSRF risk"
- "Generate a Pipelock config preset for a strict production environment"Troubleshooting Pipelock
pipelock: command not found after go install
Add $GOPATH/bin to your PATH: export PATH=$PATH:$(go env GOPATH)/bin. For Homebrew installs, run brew link pipelock if the binary is not linked.
MCP client cannot connect after enabling the proxy
Confirm pipelock run is listening on the expected port (default 8888 for HTTP, 8889 for MCP). Check pipelock diagnose output for firewall or port-conflict issues. Ensure PIPELOCK_MCP_PROXY_URL points to the correct upstream MCP server address.
Legitimate API calls are being blocked by credential scanners
Reduce false positives by switching from the strict preset to balanced: pipelock generate config --preset balanced > pipelock.yaml. You can also allowlist specific URL patterns or entropy thresholds in the YAML config file.
Frequently Asked Questions about Pipelock
What is Pipelock?
Pipelock is a Model Context Protocol (MCP) server that security proxy that wraps any mcp server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. also provides an http fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Pipelock?
Follow the installation instructions on the Pipelock GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Pipelock?
Pipelock works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Pipelock free to use?
Yes, Pipelock is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.
Pipelock Alternatives — Similar Security Servers
Looking for alternatives to Pipelock? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Pipelock in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Pipelock?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.