loading…
/ru
Весь каталог
82ch/MCP-Dandan
БесплатноНе проверенReal-time security framework for MCP servers that detects and blocks malicious AI agent behavior by analyzing tool call patterns and intent across multiple thre
Описание
Real-time security framework for MCP servers that detects and blocks malicious AI agent behavior by analyzing tool call patterns and intent across multiple threat detection engines.
README
MCP-Dandan
Overview
MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management.
Currently, MCP-Dandan is listed in well-known MCP-related open-source collections and can be found in the following repositories:
https://github.com/user-attachments/assets/928686ab-a5aa-4486-8d8e-d4a9592adc3e
Features
- Real-time MCP Traffic Monitoring: Intercepts and analyzes MCP communications
- Multi-Engine Threat Detection:
- Command Injection Detection
- File System Exposure Detection
- PII Leak Detection(custom rules supported)
- Data Exfiltration Detection
- Tools Poisoning Detection (LLM-based)
- Desktop UI: Electron-based application with interactive dashboard
- Interactive Tutorial: Built-in tutorial system for new users
- Blocking Capabilities: Real-time threat blocking with user control
- Cross-Platform: Supports Windows, macOS, and Linux
Quick Start
Installation
# Clone the repository
git clone https://github.com/82ch/MCP-Dandan.git
cd MCP-Dandan
# Install all dependencies (Python + Node.js)
npm run install-all
Running the Application
# Start both server and desktop UI
npm run dev
The server will start on http://127.0.0.1:8282 and the Electron desktop app will launch automatically.
Project Structure
Detection Engines
1. Command Injection Engine
Identifies potential command injection patterns in tool calls.
2. File System Exposure Engine
Monitors unauthorized file system access attempts.
3. PII Leak Engine (custom rules supported)
Detects potential PII leakage with built-in rules and optional user-defined customization.
4. Data Exfiltration Engine
Identifies suspicious data transfer patterns.
5. Tools Poisoning Engine (LLM-based)
Uses semantic analysis to detect misuse of MCP tools:
- Compares tool specifications vs actual usage
- Scores alignment (0-100) with detailed breakdown
- Auto-categorizes severity: none/low/medium/high
Engine Setting
https://github.com/user-attachments/assets/3d6f2304-0a6b-492e-9f2d-bba76df98b4c
Input your MISTRAL_API_KEY to enable the Tools Poisoning Engine, and configure detection settings as needed.
Desktop UI Features
- Real-time Dashboard: Monitor MCP traffic and threats in real time
- Interactive Tutorial: Learn how to use the system with step-by-step guides
- Blocking Interface: Review and control threat blocking actions
- Settings Panel: Configure detection engines and system behavior
- Chat Panel: Interact with the system and view logs
https://github.com/user-attachments/assets/19bcbdfb-c893-468d-a8a6-1c7b70a1c7b7
Full Documentation
For detailed explanations and technical documentation, please refer to the
MCP-Dandan Wiki.Have questions or suggestions?
Please visit the Discussions tab.
Как установить
Выполни в терминале:
claude mcp add 82ch-mcp-dandan -- npx 
