Mcp Watchdog

Name: Mcp Watchdog
Author: bountyyfi

by bountyyfi

MCP security proxy that sits between AI coding assistants and MCP servers, detecting and blocking all known MCP attack classes. Works with any MCP server (tools, resources, prompts) on macOS, Linux, and Windows.

22 0 tools GitHub

No known CVEs

No license

Maintained

Last commit 84d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-watchdog": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-watchdog)](https://mcppedia.org/s/mcp-watchdog)

Read me

What Mcp Watchdog does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

32/100across 5 weighted dimensions

How we score →

0255075100

−68

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Watchdog safe to use?: Mcp Watchdog has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Watchdog?: Mcp Watchdog can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Mcp Watchdog?: Mcp Watchdog is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Mcp Watchdog actively maintained?: Mcp Watchdog is recently maintained — last commit was 84 days ago. It has 22 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.7k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.7k 1

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Watchdog and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

mcp-watchdog

Catches Rug Pulls, Tool Poisoning, Tool Shadowing, Name Squatting, Parameter Injection, SSRF, Command Injection, SQL Injection, Reverse Shell, Supply Chain Impersonation, Token Leakage, OAuth Confused Deputy, Session Smuggling, Context Leakage, Email Header Injection, False-Error Escalation, Preference Manipulation, ANSI Escape Injection, MCP Parasite, Thanatos (all 4 layers), SANDWORM_MODE-style prompt injection, Resource Content Injection, Prompt Template Injection, Sampling Hijack, and Elicitation Credential Harvesting — before any of it reaches your AI assistant.

Why this exists

MCP (Model Context Protocol) servers have full access to your AI assistant's context. A malicious or compromised server can:

Inject hidden instructions into tool descriptions (<IMPORTANT> blocks telling the AI to exfiltrate credentials)

Silently redefine tools after initial approval (Rug Pull attacks)

Shadow trusted tools by injecting cross-server override instructions in tool descriptions (100% ASR on Claude Desktop)

Squat tool names by registering duplicate tool names from different servers

Steal system prompts and conversation history via parameter injection (HiddenLayer attack)

Access cloud metadata via SSRF through URI parameters (MCP fURI, 36.7% of servers vulnerable)

Execute arbitrary commands via shell metacharacters in tool arguments

Inject SQL via tool arguments to SQLite/database MCP servers (Trend Micro disclosure)

Spawn reverse shells to C2 servers (JFrog found 3 PyPI + npm packages with identical reverse shell payloads)

Impersonate legitimate packages via typosquatting (fake Postmark MCP server - 1,643 downloads)

Leak API keys and tokens (GitHub PATs, AWS keys, Slack tokens, JWTs) in responses

Hijack OAuth flows via malformed authorization endpoints (CVE-2025-6514, 437K+ dev environments)

Inject messages into sessions via agent session smuggling (A2A attacks)

Silently BCC emails to attacker addresses via email header injection (postmark-mcp incident)

Trigger privilege escalation via fake error messages designed to manipulate AI into granting elevated access

Manipulate tool selection via persuasive language in descriptions biasing which tools the AI chooses

Hide instructions via ANSI escape sequences and bidirectional text overrides invisible in terminal UIs

Profile your behavior by collecting commit timestamps, deploy windows, and activity patterns

Encode payloads steganographically inside normal-looking JSON responses

Propagate across servers - output from Server A influences calls to Server B

Persist across sessions by writing state to project files outside declared scope

Escape filesystem sandboxes via symlink attacks bypassing path restrictions

Exfiltrate data via URL params - sensitive tokens embedded in `https://evil.com

Frequently Asked Questions

Is Mcp Watchdog safe to use?

Mcp Watchdog has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp Watchdog?

Mcp Watchdog can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Mcp Watchdog?

Mcp Watchdog is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Mcp Watchdog actively maintained?

Mcp Watchdog is recently maintained — last commit was 84 days ago. It has 22 GitHub stars.