{"id":"aira-security-mcp-armor","name":"mcp-armor","homepage":"https://airasecurity.ai","repo_url":"https://github.com/aira-security/mcp-armor","category":"security","subcategories":[],"tags":["ai-agent-security","mcp","security-scanning","prompt-injection","tool-poisoning","baseline-drift","cli"],"what_it_does":"mcp-armor is a local Python CLI tool that auto-discovers and scans Model Context Protocol (MCP) configurations (for popular agent/IDE setups), inventories MCP tools/resources/prompts, runs static security checks (e.g., prompt injection, tool poisoning/shadowing, secret detection), and optionally performs baseline drift detection via an inspect/scan workflow that flags deviations from an approved baseline.","use_cases":["Pre-deployment security review of MCP server integrations configured in agent/IDE tooling","Automated detection of risky tool/prompt/resource content in MCP configurations","Baseline drift monitoring for MCP components over time (detect rug pulls / modified tools/resources/prompts)","Generating JSON/Markdown reports for security audits"],"not_for":["Runtime enforcement/blocking of malicious tool usage (not provided in the open-source version)","Comprehensive agent behavior policy enforcement beyond MCP (mentioned as enterprise/platform capability only)","Services that require remote hosted scanning with centralized dashboards (open-source runs locally)"],"best_when":"You want local, static security scanning and drift detection for MCP configurations integrated into development tools/agents, and you can maintain an approved baseline.","avoid_when":"You need real-time runtime blocking or enforcement, or you require an always-on hosted security service with dashboards/webhooks.","alternatives":["Manual review of MCP server tool/resource/prompt definitions and permissions","General-purpose SAST/linting for prompt injection patterns in configuration files","Enterprise MCP security platforms that provide runtime enforcement (as referenced by the project’s marketing)"],"af_score":37.0,"security_score":34.5,"reliability_score":30.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:45:30.036235+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No remote API is described; the CLI appears to run locally and connect to configured MCP servers for inspection."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source version is installed via pip. The README references an enterprise platform for additional runtime and policy enforcement capabilities, but does not list pricing for that platform in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":37.0,"security_score":34.5,"reliability_score":30.0,"mcp_server_quality":40.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":50.0,"auth_strength":30.0,"scope_granularity":0.0,"dependency_hygiene":40.0,"secret_handling":55.0,"security_notes":"Strengths: focuses on MCP security analysis (prompt injection, tool poisoning/shadowing, hardcoded secret detection) and baseline drift detection; runs locally per README FAQ, reducing external data sharing. Unknowns/risks: the provided content does not specify how it securely handles collected artifacts (e.g., whether logs/reports might contain sensitive data), nor does it describe transport/auth controls when connecting to MCP servers. Dependencies include heavy ML packages (torch/transformers), which can increase attack surface and supply-chain risk if not pinned/maintained.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":40.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":"No idempotency semantics are described (CLI commands write outputs/baselines/reports/logs; reruns may append/overwrite depending on implementation).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["CLI-focused: no clearly documented programmatic/SDK interface for agents to integrate directly.","Behavior depends on local environment discovery of MCP configurations (paths/format expectations may vary by IDE/client).","Baseline drift detection requires an existing baseline produced by inspect; first run behavior differs from subsequent runs."]}}