Safe Fetch
БесплатноНе проверенA content fetcher that sanitizes, size-caps, and caches fetched content, protecting against injection attacks via the Model Context Protocol.
Описание
A content fetcher that sanitizes, size-caps, and caches fetched content, protecting against injection attacks via the Model Context Protocol.
README
An injection-aware content fetcher, exposed over the Model Context Protocol.
Agents that read the open web read content nobody on your team wrote. A page or a post can carry a fake closing tag followed by "ignore previous instructions and ...". This server fetches a URL, strips it to text, runs defense-in-depth sanitization, caps the size, and caches the result. It is small on purpose. It is the reference implementation of a set of production hardening field notes, not a framework.
Why it exists
Most MCP servers are written for a demo: one caller, one happy path, no untrusted input, no cost ceiling. In production the failures cluster in three places, and none of them show up on day one:
- Untrusted content. A single tag stripper feels safe and is not. Unicode variants and unclosed tags walk straight through one regex.
- Cost. An unbounded response body or an oversized context is money spent on noise.
- Concurrency. Two tools touching one SQLite file throw
database is locked.
This server answers all three in code you can read in five minutes.
What it does
fetch_clean(url, max_chars=2500) returns sanitized, size-capped text plus an audit of
what was done. The defense is order, not cleverness:
- strip the injection wrapper by its literal name, first
- normalize unicode (NFKC) so homoglyph tags cannot hide
- drop script and style bodies, then the generic tag strip
- a second net for common instruction-override phrases
It caps input size with a [truncated] marker (if the model has to ignore most of the
input, you are paying for nothing), clamps the per-call cap at the entry to a hard ceiling,
and caches results in SQLite opened with WAL and busy_timeout so overlapping callers
wait instead of crashing.
Install
pip install -e .
Run
As a standalone MCP server (stdio):
mcp-safe-fetch
Register it with an MCP client (for example, Claude Code) by pointing the client at the
mcp-safe-fetch command. The server exposes one tool, fetch_clean.
Test
pip install -e ".[dev]"
pytest
The field notes behind it
The reasoning, with the production incidents that motivated each defense, is written up
here: a short essay on MCP hardening (concurrency, prompt injection, cost) and what breaks
after day 30. The sanitizer in src/mcp_safe_fetch/sanitize.py is the exact function from
that write-up.
License
MIT.
Установка Safe Fetch
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/PortfolioKB/mcp-safe-fetchFAQ
Safe Fetch MCP бесплатный?
Да, Safe Fetch MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Safe Fetch?
Нет, Safe Fetch работает без API-ключей и переменных окружения.
Safe Fetch — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Safe Fetch в Claude Desktop, Claude Code или Cursor?
Открой Safe Fetch на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Safe Fetch with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
