Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-mlawsonking-email-guard-mcp": {
"args": [
"-y",
"web-tools-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A family of deterministic tools that AI agents and developers call constantly — each exposed both as plain HTTP APIs and as an MCP server. No LLM in the loop, no API keys for the free tier, no tracking. Same input → same output. Just reliable, boring, useful tools.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'web-tools-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked web-tools-mcp against OSV.dev.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml / communication
Persistent memory using a knowledge graph
Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite
Dynamic problem-solving through sequential thought chains
An autonomous agent that conducts deep research on any data using any LLM providers
MCP Security Weekly
Get CVE alerts and security updates for io.github.mlawsonking/email-guard-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Six small tools that AI agents and developers call constantly, each available both as a plain HTTP API and as an MCP server. No LLM in the loop, and no accounts or API keys for the free tier. Same input, same output. Boring and reliable on purpose.
Five of them are guards: one check per risky action an agent takes, such as installing a package, reading untrusted text or email, following a link, sending money, or writing code. The sixth is a utility set for reading and parsing the web. All are free to run, with paid tiers on RapidAPI for higher volume.
| Tool | What it checks | Install (MCP) | API | RapidAPI |
|---|---|---|---|---|
| Package Guard | A package before install: does it exist (slopsquat), vulns, malware, typosquats | npx -y package-guard-mcp | live | listing |
| Agent Firewall | Untrusted input: prompt injection, leaked secrets/PII, URL and IP reputation | npx -y agent-firewall-mcp | live | listing |
| Payment Guard | A payee before sending: OFAC sanctions, scam lists, honeypot tokens, ENS spoofs | npx -y payment-guard-mcp | live | listing |
| Email Guard | Inbound mail for injection/phishing, outbound for secret leaks and deliverability | npx -y email-guard-mcp | live | listing |
| Code Guard | AI-generated code: injection, SSRF, secrets, weak crypto, unsafe deserialization | npx -y @mlawsonking/code-guard-mcp | live | listing |
| Agent Web Tools | Web utilities: page to Markdown, metadata, CSS scrape, RSS, DNS, RDAP, SSL, HTTP | npx -y web-tools-mcp | live | listing |
Add any or all to your client config (Claude Desktop, Cursor, Claude Code, and so on):
{
"mcpServers": {
"package-guard": { "command": "npx", "args": ["-y", "package-guard-mcp"] },
"agent-firewall": { "command": "npx", "args": ["-y", "agent-firewall-mcp"] },
"payment-guard": { "command": "npx", "args": ["-y", "payment-guard-mcp"] },
"email-guard": { "command": "npx", "args": ["-y", "email-guard-mcp"] },
"code-guard": { "command": "npx", "args": ["-y", "@mlawsonking/code-guard-mcp"] },
"web-tools": { "command": "npx", "args": ["-y", "web-tools-mcp"] }
}
}
package-guard-mcp)verify_package (does it exist, else likely a hallucination or slopsquat, with suggestions), check_vulns (OSV), package_info, audit_deps, typosquat_scan. Ecosystems: npm, PyPI, Go, crates.io, RubyGems, Maven, NuGet. Data: OSV.dev, npm, PyPI. API: https://package-guard.vercel.app. Code: package-guard-mcp/ and package-guard/.
agent-firewall-mcp)scan_content (prompt injection, jailbreak, hidden-text obfuscation), scan_secrets (secrets and PII, with a redacted copy), check_url, check_ip, check_password (HIBP, k-anonymity). Data: HIBP, RDAP, Tor, Team Cymru, DNS. API: https://agent-firewall-seven.vercel.app. Code: agent-firewall-mcp/ and agent-firewall/.
payment-guard-mcp)screen_address (address or ENS to a safe/caution/block verdict), screen_payment (x402 or merchant URL), check_sanctioned (fast OFAC), resolve_name (ENS, screened), screen_token (honeypot, rug, and tax risk via on-chain simulation). Data: OFAC SDN