Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

SecureMCP Agentic

БесплатноНе проверен

Provides a set of tools with a security verification layer that assesses risk and requires human approval for high-risk actions, reducing prompt injection and t

GitHubEmbed

Описание

Provides a set of tools with a security verification layer that assesses risk and requires human approval for high-risk actions, reducing prompt injection and tool-poisoning attacks.

README

SecureMCP-Agentic is a research prototype for secure tool selection in LLM-based agents. It adds a security-aware verification layer between top-k tool retrieval and tool execution to reduce prompt injection and tool-poisoning attacks in MCP-enabled agent systems.

Current Status

The current implementation is a working heuristic baseline. It includes:

  • Local MCP server with benign, high-risk, and simulated malicious tools
  • ChromaDB-based top-k tool retrieval
  • Prompt-injection phrase detection
  • Intent-mismatch approximation
  • Permission-risk scoring
  • Execution-impact scoring
  • MCP server/tool trust scoring
  • Threshold-based risk classification
  • Human approval for high-risk actions
  • Docker-isolated tool execution
  • JSONL experiment logging

The planned next stage is a multi-LLM verification framework with specialized security, intent, permission, execution, trust, and judge verifiers.

Proposed Workflow

User Prompt
    ↓
Intent Context
    ↓
MCP Tool Discovery
    ↓
Top-k Tool Retrieval
    ↓
Risk Verification
    ↓
Risk-Aware Tool Selection
    ↓
Execute / Final Verify / Human Approval / Reject
    ↓
Docker Sandbox
    ↓
Audit Log

Current Risk Algorithm

For each candidate tool, the prototype calculates:

R = 0.40S + 0.20A + 0.20P + 0.10E + 0.10T

Where:

  • S = prompt-injection or suspicious-description score
  • A = intent-mismatch score
  • P = permission-risk score
  • E = execution-impact score
  • T = MCP server or tool-source trust risk

The security-adjusted selection score is:

Secure Utility = Relevance × (1 - Risk)

Critical-risk tools are excluded before final selection.

Risk Thresholds

Risk Score Level Action
0.00–0.2499 Low Execute in sandbox
0.25–0.4999 Medium Send to final verifier
0.50–0.7499 High Require human approval
0.75–1.00 Critical Reject

These values are preliminary heuristic settings and will later be calibrated using validation data.

Project Structure

securemcp-sandbox/
│
├── .vscode/
│   ├── launch.json
│   └── tasks.json
│
├── data/
│   └── tools.json
│
├── executor/
│   ├── Dockerfile
│   └── executor.py
│
├── logs/
│
├── src/
│   ├── main.py
│   ├── mcp_server.py
│   ├── retriever.py
│   ├── risk_engine.py
│   └── runner.py
│
├── .gitignore
├── requirements.txt
└── README.md

Requirements

  • Python 3.11 or 3.12
  • Docker Desktop
  • Node.js and npm
  • Visual Studio Code
  • Git

Setup

1. Clone the repository

git clone https://github.com/Nafeeul/SecureMCP-Agentic.git
cd SecureMCP-Agentic

2. Create a virtual environment

py -m venv .venv
.\.venv\Scripts\Activate.ps1

3. Install dependencies

python -m pip install --upgrade pip
python -m pip install -r requirements.txt

4. Build the Docker executor

Make sure Docker Desktop is running.

docker build -t securemcp-executor .\executor

5. Run the SecureMCP experiment

python .\src\main.py

Example prompt:

Find a New Year's gift under $80 with at least 4.5 stars.

Run the MCP Server

Start the MCP Inspector from the project root:

npx -y @modelcontextprotocol/inspector .venv/Scripts/python.exe src/mcp_server.py

Then open:

Tools → List Tools

The current MCP server exposes:

  • product_search
  • gift_suggestion
  • simulated_email_sender
  • priority_product_tool

The malicious tool is simulated only. It does not access real data or make network requests.

Docker Safety Controls

Approved tools run inside a restricted Docker container with:

  • No network access
  • Read-only root filesystem
  • Non-root execution
  • Dropped Linux capabilities
  • No privilege escalation
  • CPU and memory limits
  • Process-count limits
  • Execution timeout
  • Explicit tool allow-list

Do not mount personal folders, credentials, Docker sockets, or production services into the sandbox.

Experiment Logs

Each run is saved to:

logs/experiments.jsonl

The log includes:

  • User prompt
  • Retrieved top-k tools
  • Relevance scores
  • Individual risk scores
  • Final risk level
  • Baseline-selected tool
  • SecureMCP-selected tool
  • Decision
  • Sandbox execution result
  • Latency

Benchmark Datasets

The planned evaluation will use:

ToolBench

Repository:

https://github.com/OpenBMB/ToolBench

Planned use:

  • Large-scale API metadata
  • Tool descriptions
  • Retrieval experiments
  • User instructions
  • Top-k candidate testing

API-Bank

Repository:

https://github.com/AlibabaResearch/DAMO-ConvAI/tree/main/api-bank

Planned use:

  • User prompts
  • Tool-use dialogues
  • Expected API calls
  • Expected parameters

The benchmark data will be converted into a unified SecureMCP format before testing. Controlled poisoned variants will be generated from selected benign tool descriptions. Real external APIs will not be executed.

from github.com/Nafeeul/SecureMCP-Agentic

Установка SecureMCP Agentic

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/Nafeeul/SecureMCP-Agentic

FAQ

SecureMCP Agentic MCP бесплатный?

Да, SecureMCP Agentic MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для SecureMCP Agentic?

Нет, SecureMCP Agentic работает без API-ключей и переменных окружения.

SecureMCP Agentic — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить SecureMCP Agentic в Claude Desktop, Claude Code или Cursor?

Открой SecureMCP Agentic на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare SecureMCP Agentic with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development