Pipelock

v1.0.0Securitystable

Security proxy that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. Also provides an HTTP fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments.

agent-securityai-agent-securityai-agentsai-firewallai-security
Share:
626
Stars
0
Downloads
0
Weekly
0/5

What is Pipelock?

Pipelock is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to security proxy that wraps any mcp server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. also provides an http fetch proxy with a 9-layer scanner pi...

Security proxy that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. Also provides an HTTP fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Security proxy that wraps any MCP server with bidirectional

Use Cases

MCP server security proxy
Credential leak and prompt injection detection
9-layer HTTP fetch scanning
luckyPipewrench

Maintainer

LicenseApache 2.0
Languagego
Versionv1.0.0
UpdatedMay 22, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx pipelock

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Pipelock

Pipelock is an AI agent security firewall written in Go that wraps any MCP server with bidirectional scanning for credential leaks, prompt injection, and tool-description poisoning. It also operates as an HTTP forward proxy with an 11-layer scanner pipeline covering entropy analysis, SSRF protection, DNS rebinding prevention, and TLS interception — making it suitable for capability-separated agent deployments where untrusted tool results must be inspected before reaching the model. Security teams and platform engineers use Pipelock to add a defense-in-depth layer to Claude Code, Cline, Cursor, AutoGen, and other LLM agent frameworks without modifying the underlying tools.

Prerequisites

  • Go 1.25+ (if building from source), or Homebrew/Docker for binary installation
  • An existing MCP server or HTTP-based tool you want to protect
  • An MCP client such as Claude Code, Cursor, or Cline
  • No external API keys required for core scanning — enterprise multi-agent features require a Pipelock license
1

Install Pipelock

Install via Homebrew on macOS/Linux, pull the Docker image, or build from source. The Homebrew tap is the quickest path for local development.

# Homebrew (macOS/Linux):
brew install luckyPipewrench/tap/pipelock

# Docker:
docker pull ghcr.io/luckypipewrench/pipelock:latest

# From source (requires Go 1.25+):
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest
2

Initialize Pipelock and verify detection

Run pipelock init to perform auto-setup and verify that all scanners are operational. Then run a quick test to confirm credential blocking works.

pipelock init
pipelock check --url "https://evil.com/?k=SECRET"
3

Generate a configuration file

Generate a starter configuration using one of three presets (audit, balanced, strict). You can also auto-discover project-specific patterns with pipelock audit.

pipelock generate config --preset balanced > pipelock.yaml
# Or auto-tune from your project:
pipelock audit ./project -o pipelock.yaml
4

Run Pipelock as an MCP proxy

Start the Pipelock proxy in MCP mode to wrap your existing MCP server. Set the PIPELOCK_MCP_PROXY_URL environment variable to point your MCP client at Pipelock instead of the original server.

pipelock run --config pipelock.yaml --listen 0.0.0.0:8888
export PIPELOCK_MCP_PROXY_URL=http://localhost:8889/mcp
5

Configure your MCP client to use the Pipelock proxy

Update your MCP client configuration so that traffic flows through Pipelock before reaching the upstream MCP server. Also set HTTP_PROXY/HTTPS_PROXY for HTTP fetch interception.

6

Run security diagnostics

Use the built-in diagnostics tools to verify your setup, check enforcement status, and assess your overall security posture.

pipelock diagnose
pipelock doctor
pipelock assess init && pipelock assess run

Pipelock Examples

Client configuration

Claude Desktop configuration that routes MCP traffic through Pipelock's scanning proxy before it reaches an upstream filesystem MCP server.

{
  "mcpServers": {
    "pipelock-proxy": {
      "command": "pipelock",
      "args": ["run", "--config", "/path/to/pipelock.yaml", "--mode", "mcp"],
      "env": {
        "HTTPS_PROXY": "http://localhost:8888",
        "HTTP_PROXY": "http://localhost:8888",
        "PIPELOCK_MCP_PROXY_URL": "http://localhost:8889/mcp"
      }
    }
  }
}

Prompts to try

Once Pipelock is running, use these prompts to test its scanning behavior and review its audit log.

- "Show me the Pipelock activity log for the last hour"
- "Run the security posture assessment and summarize the findings"
- "Check if the URL https://internal-api.example.com is flagged for SSRF risk"
- "Generate a Pipelock config preset for a strict production environment"

Troubleshooting Pipelock

pipelock: command not found after go install

Add $GOPATH/bin to your PATH: export PATH=$PATH:$(go env GOPATH)/bin. For Homebrew installs, run brew link pipelock if the binary is not linked.

MCP client cannot connect after enabling the proxy

Confirm pipelock run is listening on the expected port (default 8888 for HTTP, 8889 for MCP). Check pipelock diagnose output for firewall or port-conflict issues. Ensure PIPELOCK_MCP_PROXY_URL points to the correct upstream MCP server address.

Legitimate API calls are being blocked by credential scanners

Reduce false positives by switching from the strict preset to balanced: pipelock generate config --preset balanced > pipelock.yaml. You can also allowlist specific URL patterns or entropy thresholds in the YAML config file.

Frequently Asked Questions about Pipelock

What is Pipelock?

Pipelock is a Model Context Protocol (MCP) server that security proxy that wraps any mcp server with bidirectional scanning for credential leaks, prompt injection, and tool description poisoning. also provides an http fetch proxy with a 9-layer scanner pipeline for capability-separated agent deployments. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Pipelock?

Follow the installation instructions on the Pipelock GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Pipelock?

Pipelock works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Pipelock free to use?

Yes, Pipelock is open source and available under the Apache 2.0 license. You can use it freely in both personal and commercial projects.

Pipelock Alternatives — Similar Security Servers

Looking for alternatives to Pipelock? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "pipelock": { "command": "npx", "args": ["-y", "pipelock"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Pipelock?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides