Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Safe Fetch

БесплатноНе проверен

A content fetcher that sanitizes, size-caps, and caches fetched content, protecting against injection attacks via the Model Context Protocol.

GitHubEmbed

Описание

A content fetcher that sanitizes, size-caps, and caches fetched content, protecting against injection attacks via the Model Context Protocol.

README

tests

An injection-aware content fetcher, exposed over the Model Context Protocol.

Agents that read the open web read content nobody on your team wrote. A page or a post can carry a fake closing tag followed by "ignore previous instructions and ...". This server fetches a URL, strips it to text, runs defense-in-depth sanitization, caps the size, and caches the result. It is small on purpose. It is the reference implementation of a set of production hardening field notes, not a framework.

Why it exists

Most MCP servers are written for a demo: one caller, one happy path, no untrusted input, no cost ceiling. In production the failures cluster in three places, and none of them show up on day one:

  • Untrusted content. A single tag stripper feels safe and is not. Unicode variants and unclosed tags walk straight through one regex.
  • Cost. An unbounded response body or an oversized context is money spent on noise.
  • Concurrency. Two tools touching one SQLite file throw database is locked.

This server answers all three in code you can read in five minutes.

What it does

fetch_clean(url, max_chars=2500) returns sanitized, size-capped text plus an audit of what was done. The defense is order, not cleverness:

  1. strip the injection wrapper by its literal name, first
  2. normalize unicode (NFKC) so homoglyph tags cannot hide
  3. drop script and style bodies, then the generic tag strip
  4. a second net for common instruction-override phrases

It caps input size with a [truncated] marker (if the model has to ignore most of the input, you are paying for nothing), clamps the per-call cap at the entry to a hard ceiling, and caches results in SQLite opened with WAL and busy_timeout so overlapping callers wait instead of crashing.

Install

pip install -e .

Run

As a standalone MCP server (stdio):

mcp-safe-fetch

Register it with an MCP client (for example, Claude Code) by pointing the client at the mcp-safe-fetch command. The server exposes one tool, fetch_clean.

Test

pip install -e ".[dev]"
pytest

The field notes behind it

The reasoning, with the production incidents that motivated each defense, is written up here: a short essay on MCP hardening (concurrency, prompt injection, cost) and what breaks after day 30. The sanitizer in src/mcp_safe_fetch/sanitize.py is the exact function from that write-up.

License

MIT.

from github.com/PortfolioKB/mcp-safe-fetch

Установка Safe Fetch

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/PortfolioKB/mcp-safe-fetch

FAQ

Safe Fetch MCP бесплатный?

Да, Safe Fetch MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Safe Fetch?

Нет, Safe Fetch работает без API-ключей и переменных окружения.

Safe Fetch — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить Safe Fetch в Claude Desktop, Claude Code или Cursor?

Открой Safe Fetch на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Safe Fetch with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development