Is Bluerock safe to use?

Bluerock has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Bluerock?

Bluerock supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Bluerock?

Bluerock is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Bluerock actively maintained?

Bluerock is actively maintained — last commit was 4 days ago. It has 29 GitHub stars.

Bluerock

Name: Bluerock
Author: bluerock-io

bluerock · by bluerock-io

Runtime visibility for Python MCP servers. Captures tool calls, session lifecycle, module imports (SHA-256), and subprocess execution as structured NDJSON. No code changes. Apache 2.0

29 0 tools GitHub PyPI

No known CVEs

Apache-2.0 license

Actively maintained

Last commit 4d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "bluerock": {
      "args": [
        "bluerock"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/bluerock)](https://mcppedia.org/s/bluerock)

Read me

What Bluerock does

Runtime visibility for Python MCP servers. Captures tool calls, session lifecycle, module imports (SHA-256), and subprocess execution as structured NDJSON. No code changes. Apache 2.0

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked bluerock against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Bluerock safe to use?: Bluerock has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Bluerock?: Bluerock supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Bluerock?: Bluerock is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Bluerock actively maintained?: Bluerock is actively maintained — last commit was 4 days ago. It has 29 GitHub stars.

Similar servers

Others in other

View all →

io.github.wyre-technology/spanning-mcp90

MCP server for Spanning Cloud Backup — M365/GWS/Salesforce backups, restores, audit.

io.github.codeofaxel/kiln88

AI agent control of 3D printers — 432 tools for OctoPrint, Moonraker, Bambu, Prusa, Elegoo

18 11

io.github.wyre-technology/autotask-mcp88

MCP server for Kaseya Autotask PSA — companies, tickets, projects, time entries, and more.

36 6

io.github.AnchorRegistry/ar-mcp88

On-chain provenance lookup for AnchorRegistry. Resolve AR-IDs, hashes, and full trees. Authless.

MCP Security Weekly

Get CVE alerts and security updates for Bluerock and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "bluerock": {
      "args": [
        "bluerock"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/bluerock)](https://mcppedia.org/s/bluerock)

Read me

What Bluerock does

Runtime visibility for Python MCP servers. Captures tool calls, session lifecycle, module imports (SHA-256), and subprocess execution as structured NDJSON. No code changes. Apache 2.0

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

BlueRock MCP Python Hooks

Lightweight runtime security sensor for Python MCP servers. Monitor MCP tool calls, resource access, session lifecycle, and module imports your application makes, with zero code changes, emitting structured events for every operation.

pip install bluerock[oss]
mkdir -p ~/.bluerock
echo '{"enable": true, "mcp": true, "imports": true}' > ~/.bluerock/bluerock-oss.json
python -m bluepython --oss --cfg-dir ~/.bluerock your_script.py
cat ~/.bluerock/event-spool/python-*.ndjson | jq .event

BlueRock wraps your Python process and emits structured NDJSON events for security-sensitive operations. It hooks into Python at startup, before your code runs, so nothing slips through. Your code, your dependencies, and their transitive dependencies are all in scope.

Built for security teams, AppSec engineers, and AI developers deploying MCP agents. Know exactly what your tools call, which modules load, and what data crosses the wire, without changing a line of code. For anyone who wants to know what their Python applications are actually doing at runtime.

	BlueRock	Manual logging	OpenTelemetry
Code changes	None	Instrument every call	Add spans/traces
Covers dependencies	Yes (transitive)	Only what you wrap	Only what you wrap
AI/MCP monitoring	Built-in (6 event types)	DIY	No
Import verification	SHA256 per module	No	No
Output format	NDJSON (structured)	Ad-hoc	OTLP

Requirements

Dependency	Version
Python	>= 3.10 (MCP hooks require 3.10+)
Rust	stable toolchain (build from source only)
OS	Linux (x86_64, aarch64), macOS (arm64, x86_64)
Docker	optional, for the Grafana dashboard

Try It

# 1. Clone and set up
git clone https://github.com/bluerock-io/bluerock.git
cd bluerock
python3 -m venv venv && source venv/bin/activate

# 2. Install the sensor + MCP deps
pip install -e "acoustic/python/"
pip install setuptools-rust && pip install acoustic/python-oss/
pip install mcp fastmcp

# 3. Create a sensor config
mkdir -p ~/.bluerock
echo '{"enable": true, "mcp": true}' > ~/.bluerock/bluerock-oss.json

# 4. Run the MCP example (client launches a server, both are monitored)
cd examples/mcp/
python -m bluepython --oss mcp_client.py --transport stdio

# 5. See what happened
cat ~/.bluerock/event-spool/python-*.ndjson | jq '.event.meta.name' | sort | uniq -c | sort -rn

You should see events like python_mcp_event, python_mcp_server_add, python_mcp_session_created, python_mcp_server_init, and python_mcp_client_connect -- every MCP protocol interaction captured automatically.

Try import monitoring too:

# Enable imports in your config
echo '{"enable": true, "mcp": true, "imports": true}' > ~/.bluerock/bluerock-oss.json

# Run the import monitoring example
pip install requests
python -m bluepython --oss examples/core-hooks/import-monitoring/import_monitoring.py

# See every module loaded, with SHA-256 hashes
cat ~/.bluerock/event-spool/python-*.ndjson \
  | jq -r '.event | select(.meta.name == "python_import") | "\(.fullname) \(.version // "n/a") \(.sha256[0:16])..."'

Why BlueRock

Most runtime instrumentation focuses on observability (tracing API calls, measuring latency, collecting metrics). BlueRock focuses on security: the operations that matter from a threat-detection perspective.

Zero code changes. Wrap any script with python -m bluepython --oss your_script.py. No imports, no SDK integration required. A one-time sensor config enables the hooks you need.
Two-layer hooking. sys.meta_path for every module import (with SHA256 verification), wrapt for MCP protoc

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked bluerock against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Bluerock safe to use?: Bluerock has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Bluerock?: Bluerock supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Bluerock?: Bluerock is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Bluerock actively maintained?: Bluerock is actively maintained — last commit was 4 days ago. It has 29 GitHub stars.