{"id":"mcp-defender-mcp-defender","name":"MCP-Defender","homepage":"https://mcpdefender.com","repo_url":"https://github.com/MCP-Defender/MCP-Defender","category":"security","subcategories":[],"tags":["security","mcp","model-context-protocol","tool-calling","desktop-app","proxy","signature-based-detection","human-in-the-loop"],"what_it_does":"MCP Defender is a desktop application that proxies MCP tool-call requests and responses from supported AI apps (e.g., Cursor, Claude, VS Code, Windsurf) through the Defender. It inspects the intercepted traffic against signature rules and prompts the user to allow or block tool calls when harmful patterns are detected.","use_cases":["Reduce risk from malicious or unsafe MCP tool calls initiated by AI apps","Add a human-in-the-loop approval gate for MCP actions (allow/block)","Protect developer workflows using MCP-enabled IDE/clients"],"not_for":["Replacing a full security program or comprehensive threat modeling for AI tool usage","Detecting every possible malicious behavior without false positives/negatives","A server-side service/API meant for programmatic integration (it appears to be an end-user desktop proxy/app)"],"best_when":"You run an MCP-capable AI desktop client in a local environment and want an interactive prompt/guardrail for tool-calling based on signature inspection.","avoid_when":"You need a headless, server-based, fully automated policy enforcement system without user interaction or auditing; or you require a documented, stable programmatic API for integration into other systems.","alternatives":["MCP-focused gateway/proxy solutions with policy enforcement (where available)","IDE/agent sandboxing and network egress restrictions","General LLM tool-use security frameworks and permissioning layers","Browser/host-level outbound filtering (firewalls/proxies) combined with allowlists"],"af_score":30.0,"security_score":43.8,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:35:37.333323+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["TypeScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"The README describes interactive allow/block decisions but does not describe any authentication mechanism (e.g., API keys/OAuth) for a programmatic interface."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information provided in the supplied README/manifest."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":30.0,"security_score":43.8,"reliability_score":27.5,"mcp_server_quality":0.0,"documentation_accuracy":35.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":90.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":30.0,"scope_granularity":40.0,"dependency_hygiene":55.0,"secret_handling":40.0,"security_notes":"Security is positioned around proxying and signature inspection of MCP tool-call traffic with user allow/block prompts. However, the provided materials do not document transport security details, authentication/authorization model, scope/policy granularity, logging/retention behavior, or secret-handling practices. Desktop proxy apps can introduce local trust and operational risks if not carefully sandboxed and if users install/run them with excessive privileges.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This appears to be a desktop proxy application rather than a standard API/MCP server exposed for agent-to-agent integration, so agents may not have a clean machine interface to control policies.","No documentation was provided here about how Defender surfaces decisions/events programmatically (e.g., logs, callbacks, CLI) or how it behaves under network/proxy failures.","Signature-based detection can produce false positives/negatives; without documented policy controls, automation strategies may be limited."]}}