Pre-flight MCP security. Blocks compromised deps + tool drift. HMAC-signed. Dredd judges.
Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "dredd": {
      "url": "https://analytics.dugganusa.com/api/v1/dredd/mcp"
    }
  }
}
Dredd MCP is a pre-invocation security check for the Model Context Protocol ecosystem. Before your agent calls a tool on any other MCP server, Dredd renders a verdict: BLOCK, ADVISORY, or ALLOW. Every verdict is HMAC-signed and cites the IOC or behavioral signal that drove the decision.
No known CVEs.
No package registry to scan.
watchtower: Real-time aggregate dashboard of every active finding across the MCP registry. Returns counts by severity, recent findings, and current verdict.
https://analytics.dugganusa.com/api/v1/dredd/watchtower.json
"Jeevesus saves. Dredd judges."
The MCP ecosystem has had no defender. Three PyPI ML packages were compromised in eight days during late April 2026. Twenty-plus MCP-named GitHub repositories were caught serving SmartLoader malware in the wild. The official MCP Registry was clean of those when we measured — but the typosquat surface is wide open.
Dredd is the layer that catches the next compromise before the malicious tool gets called.
Dredd no longer stops at the named server. It walks the transitive dependency graph.
The Shai-Hulud worm taught the ecosystem the hard lesson: the malicious code is rarely in the package you installed — it's three levels down, in a transitive dependency that got its publish token stolen. A check that only vets the server you named is blind to exactly the attack that's been hitting npm and PyPI.
So every preflight now resolves the target server's full npm/pypi dependency graph and joins every transitive package against our continuously updated IOC corpus — including the OSV malicious-package feeds for npm and PyPI. If a known-malicious package is buried anywhere in the tree, Dredd blocks the call before the tool runs.
The verdict is signed (HMAC-SHA256) and now carries a dep_graph field telling you whether transitive supply-chain risk was actually evaluated for that target:
{
  "verdict": "BLOCK",
  "severity": "critical",
  "dep_graph": { "evaluated": true, "packages_checked": 247, "malicious_transitive": 1 },
  "signature": "sha256=..."
}
If the server doesn't expose a resolvable manifest, dep_graph.evaluated is false and Dredd drops to the advisory tier — it tells you it couldn't see the tree rather than pretending it's clean.
Every preflight call evaluates these signals:
lightning==2.6.2 or any other known-compromised version, the call is blocked. The dep_graph field on the verdict reports whether the transitive tree was evaluated.
The verdict comes back signed in under 200 ms (Cloudflare-edge cached, 5-minute TTL). The hook fails open by default — if our endpoint is ever down, Dredd does not brick your tooling.
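One way a client-side hook could treat the signed verdict, the dep_graph field and the fail-open default described above; this is an added example, not Dredd's own code. Assumptions the page does not document: the signature covers compact, key-sorted JSON of the verdict without its signature field, the client holds the HMAC key, and decide(), fail_open and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: signed bytes = verdict minus "signature", compact JSON, sorted keys.
# The page does not specify the canonical form; adjust to the real scheme.
def canonical_bytes(verdict: dict) -> bytes:
    body = {k: v for k, v in verdict.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(verdict: dict, key: bytes) -> str:
    return "sha256=" + hmac.new(key, canonical_bytes(verdict), hashlib.sha256).hexdigest()

def signature_valid(verdict: dict, key: bytes) -> bool:
    claimed = verdict.get("signature")
    if not isinstance(claimed, str):
        return False
    # compare_digest keeps the comparison constant-time
    return hmac.compare_digest(claimed.encode(), sign(verdict, key).encode())

def decide(verdict, key: bytes, fail_open: bool = True) -> str:
    """Map one preflight result to 'deny', 'warn' or 'allow' (None = endpoint unreachable)."""
    if verdict is None:
        return "warn" if fail_open else "deny"
    if not isinstance(verdict, dict) or not signature_valid(verdict, key):
        return "deny"  # unsigned or altered verdict: trust none of its fields
    if verdict.get("verdict") == "BLOCK":
        return "deny"
    graph = verdict.get("dep_graph")
    evaluated = isinstance(graph, dict) and graph.get("evaluated") is True
    if verdict.get("verdict") == "ADVISORY" or not evaluated:
        return "warn"  # transitive tree was not inspected, so nothing vouches for it
    return "allow" if verdict.get("verdict") == "ALLOW" else "deny"

# Constructed sample data, not real Dredd output.
KEY = b"constructed-demo-key"
blocked = {"verdict": "BLOCK", "severity": "critical",
           "dep_graph": {"evaluated": True, "packages_checked": 247, "malicious_transitive": 1}}
blocked["signature"] = sign(blocked, KEY)
unseen = {"verdict": "ADVISORY", "dep_graph": {"evaluated": False}}
unseen["signature"] = sign(unseen, KEY)
clean = {"verdict": "ALLOW", "dep_graph": {"evaluated": True, "malicious_transitive": 0}}
clean["signature"] = sign(clean, KEY)
tampered = dict(blocked, verdict="ALLOW")  # field changed after signing

if __name__ == "__main__":
    for name, v in [("blocked", blocked), ("unseen", unseen), ("clean", clean), ("tampered", tampered), ("outage", None)]:
        print(name, decide(v, KEY))
```

Passing fail_open=False turns an unreachable endpoint into a deny, which trades availability for the guarantee that no tool call proceeds unchecked.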
Add to your claude_desktop_config.json:
{
  "mcpServers": {
    "dredd": {
      "url": "https://analytics.dugganusa.com/api/v1/dredd/mcp"
    }
  }
}
Restart Claude Desktop. You'll see Dredd available with one tool: check_mcp_server.
Add to ~/.cursor/mcp.json:
{
"mcpServers": {
"
... [View full README on GitHub](https://github.com/pduggusa/dredd-mcp#readme)