{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm_npm-aicludemcp-guard","slug":"npm-aicludemcp-guard","name":"@aiclude/mcp-guard","type":"mcp","url":"https://www.npmjs.com/package/@aiclude/mcp-guard","page_url":"https://unfragile.ai/npm-aicludemcp-guard","categories":["mcp-servers","code-review-security"],"tags":["mcp","security","proxy","guard","tool-poisoning","prompt-injection","model-context-protocol"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm_npm-aicludemcp-guard__cap_0","uri":"capability://safety.moderation.mcp.tool.call.interception.and.policy.enforcement","name":"mcp tool call interception and policy enforcement","description":"Intercepts all outbound MCP tool invocations at the protocol level before execution, applies configurable security policies (allowlists, denylists, parameter validation rules), and either permits or blocks execution based on policy match. Uses a proxy middleware pattern that sits between the MCP client and server, inspecting the tool name, parameters, and execution context against a declarative policy ruleset.","intents":["I want to prevent untrusted LLM agents from calling dangerous tools like file deletion or credential access","I need to enforce organization-wide security policies on which tools can be called in which contexts","I want to audit and log all tool calls before they execute for compliance and debugging"],"best_for":["teams deploying LLM agents in production with untrusted model outputs","enterprises requiring tool-level access control and audit trails","developers building multi-tenant MCP systems where isolation is critical"],"limitations":["Policy evaluation adds latency per tool call (exact overhead depends on ruleset complexity)","No built-in support for dynamic policy updates without restarting the MCP runtime","Policies are static configuration — no runtime learning or anomaly detection","Cannot inspect tool execution side effects after they occur, only blocks pre-execution"],"requires":["Node.js 16+ (MCP runtime requirement)","MCP server and client compatible with proxy middleware pattern","Policy configuration file in JSON or YAML format"],"input_types":["MCP tool call objects (name, parameters, context)","Security policy ruleset (JSON/YAML)"],"output_types":["allow/block decision with reason","audit log entries (JSON)","error responses for blocked calls"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_1","uri":"capability://safety.moderation.prompt.injection.attack.detection.and.mitigation","name":"prompt injection attack detection and mitigation","description":"Analyzes tool parameters and execution context for indicators of prompt injection attacks (e.g., suspicious patterns in string parameters that attempt to override tool behavior or escape context). Uses pattern matching, heuristic analysis, or optional integration with LLM-based classifiers to detect malicious payloads and either sanitize parameters or block execution. Operates on the parameter values before they reach the underlying tool implementation.","intents":["I want to detect when an LLM is trying to inject malicious instructions into tool parameters","I need to sanitize user-controlled inputs that flow through MCP tools to prevent prompt injection","I want to understand which tool calls are suspicious and log them for security review"],"best_for":["systems where tool parameters can be influenced by untrusted LLM outputs or user input","teams building agents that call tools with string parameters (file paths, SQL queries, shell commands)","organizations needing to detect and respond to prompt injection attempts in real-time"],"limitations":["Heuristic-based detection has false positive/negative rates — no perfect accuracy","Cannot detect sophisticated injection attacks that use encoding, obfuscation, or multi-step exploitation","Sanitization may break legitimate use cases if rules are too aggressive","Requires tuning detection thresholds per tool type and parameter context"],"requires":["Node.js 16+","MCP guard runtime with detection engine enabled","Optional: LLM API key if using classifier-based detection (adds latency)"],"input_types":["MCP tool call parameters (strings, objects, arrays)","Tool metadata (name, parameter types, descriptions)"],"output_types":["risk score or classification (safe/suspicious/malicious)","sanitized parameter values","detection reason and evidence"],"categories":["safety-moderation","planning-reasoning"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_2","uri":"capability://safety.moderation.tool.poisoning.prevention.via.parameter.schema.validation","name":"tool poisoning prevention via parameter schema validation","description":"Validates all tool call parameters against strict schemas before execution, ensuring parameters match expected types, formats, ranges, and constraints. Uses JSON Schema or similar declarative validation rules to reject malformed or out-of-bounds parameters that could cause tool misbehavior or security issues. Validation happens synchronously at the proxy layer, blocking invalid calls before they reach the tool implementation.","intents":["I want to ensure tools only receive parameters in the exact format and range they expect","I need to prevent type confusion attacks where an LLM passes wrong parameter types to tools","I want to validate file paths, URLs, and other sensitive parameters against allowlists or format rules"],"best_for":["teams with strict parameter contracts for tools (e.g., file operations, API calls)","systems where parameter validation is critical for security (e.g., SQL injection prevention)","developers building tools that are sensitive to input format or range"],"limitations":["Requires explicit schema definition for each tool — no automatic schema inference","Cannot validate semantic correctness (e.g., whether a file path actually exists or is accessible)","Overly strict schemas may reject legitimate edge cases","No support for conditional validation (e.g., parameter A is required only if parameter B is set)"],"requires":["Node.js 16+","Tool schema definitions in JSON Schema format","MCP guard runtime with validation engine"],"input_types":["MCP tool call parameters (any JSON-serializable type)","JSON Schema definitions for each tool"],"output_types":["validation pass/fail decision","detailed error messages for validation failures","normalized/coerced parameter values (if configured)"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_3","uri":"capability://safety.moderation.context.aware.access.control.for.tool.execution","name":"context-aware access control for tool execution","description":"Enforces fine-grained access control rules based on execution context (caller identity, tool name, parameter values, execution environment, time-based policies). Uses a context evaluation engine that matches incoming tool calls against rules like 'allow tool X only if caller is admin' or 'block file deletion after business hours'. Rules are expressed declaratively and evaluated synchronously at the proxy layer before tool execution.","intents":["I want to restrict certain tools to specific users or roles (e.g., only admins can delete data)","I need to enforce time-based access policies (e.g., no destructive operations during business hours)","I want to allow different tools based on the LLM model or agent type making the call"],"best_for":["multi-tenant systems where different users have different tool access levels","enterprises with role-based access control (RBAC) requirements","teams needing to enforce time-based or environment-based tool restrictions"],"limitations":["Requires integration with identity/authentication system to pass caller context","Rules are static — no dynamic policy updates without restarting","Cannot express complex conditional logic (e.g., 'allow if caller is admin AND tool is read-only')","No built-in support for attribute-based access control (ABAC) with dynamic attributes"],"requires":["Node.js 16+","Identity context passed with each MCP call (user ID, role, etc.)","Access control rule definitions in JSON/YAML"],"input_types":["MCP tool call with execution context (caller, environment, timestamp)","Access control rule definitions"],"output_types":["allow/deny decision with reason","audit log entry with context details"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_4","uri":"capability://safety.moderation.comprehensive.tool.call.audit.logging.and.tracing","name":"comprehensive tool call audit logging and tracing","description":"Logs all tool calls (allowed and blocked) with full context including caller identity, tool name, parameters, decision reason, timestamp, and execution result. Stores logs in a structured format (JSON) that can be queried, analyzed, and exported for compliance audits. Integrates with optional external logging systems (e.g., Datadog, Splunk) via standard log sinks. Provides request tracing IDs to correlate tool calls across distributed systems.","intents":["I need to audit all tool calls for compliance and security investigations","I want to understand which tools are being called most frequently and by whom","I need to export tool call logs for compliance reports or incident response"],"best_for":["regulated industries (finance, healthcare) requiring audit trails","teams investigating security incidents or anomalous tool usage","organizations needing to demonstrate tool access control for compliance"],"limitations":["Logging adds latency per tool call (typically <10ms for local logging)","Requires external storage for long-term log retention (logs can grow quickly)","No built-in log analysis or anomaly detection — requires external tools","Sensitive data in parameters may be logged unless explicitly redacted"],"requires":["Node.js 16+","Storage for audit logs (local filesystem, cloud storage, or logging service)","Optional: external logging service API key (Datadog, Splunk, etc.)"],"input_types":["MCP tool calls with full context","Logging configuration (format, destination, retention)"],"output_types":["Structured audit logs (JSON)","Log exports in standard formats (CSV, JSON Lines)","Tracing IDs for correlation"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_5","uri":"capability://safety.moderation.rate.limiting.and.abuse.prevention.for.tool.calls","name":"rate limiting and abuse prevention for tool calls","description":"Enforces rate limits on tool calls to prevent abuse, DoS attacks, or resource exhaustion. Supports multiple rate limiting strategies (per-caller, per-tool, per-caller-per-tool, time-window based) and can apply different limits based on execution context. Uses token bucket or sliding window algorithms to track call rates and reject calls that exceed configured limits. Provides configurable backoff strategies and quota reset policies.","intents":["I want to prevent a single LLM agent from calling expensive tools too frequently","I need to enforce per-user rate limits to prevent abuse in multi-tenant systems","I want to protect backend systems from being overwhelmed by tool calls"],"best_for":["multi-tenant systems where users share tool resources","teams protecting expensive or rate-limited backend services","systems where tool calls consume significant resources (API calls, database queries)"],"limitations":["Rate limits are enforced locally — no distributed rate limiting across multiple MCP instances","Requires careful tuning of limits per tool and caller to avoid false positives","No built-in support for quota pooling or burst allowances","Rejected calls return errors — no graceful degradation or queuing"],"requires":["Node.js 16+","Rate limit configuration (limits per tool, caller, time window)","Optional: distributed state store for rate limit tracking across instances"],"input_types":["MCP tool calls with caller context","Rate limit configuration rules"],"output_types":["allow/reject decision with remaining quota","rate limit error responses","quota usage metrics"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_6","uri":"capability://safety.moderation.declarative.security.policy.configuration.and.management","name":"declarative security policy configuration and management","description":"Provides a declarative configuration format (JSON/YAML) for defining all security policies (allowlists, denylists, parameter validation, access control, rate limits) in a single place. Policies are version-controlled, auditable, and can be updated without code changes. Includes schema validation for policy definitions and provides clear error messages for misconfiguration. Supports policy composition and inheritance to reduce duplication.","intents":["I want to define all security policies in a single, version-controlled configuration file","I need to update security policies without redeploying the MCP runtime","I want to validate policy configurations before applying them to catch errors early"],"best_for":["teams managing security policies across multiple MCP deployments","organizations requiring policy auditability and version control","developers who want to express security policies declaratively without code"],"limitations":["Policy updates require restarting the MCP runtime (no hot reload)","Complex policies can become difficult to read and maintain in YAML/JSON","No built-in support for policy versioning or rollback","Limited expressiveness for very complex conditional logic"],"requires":["Node.js 16+","Policy configuration file in JSON or YAML format","MCP guard runtime"],"input_types":["Policy definitions in JSON/YAML","Policy schema for validation"],"output_types":["Validated policy configuration","Configuration error messages","Policy documentation"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-aicludemcp-guard__cap_7","uri":"capability://safety.moderation.integration.with.external.identity.and.authorization.systems","name":"integration with external identity and authorization systems","description":"Integrates with external identity providers (OAuth2, SAML, OIDC) and authorization systems (RBAC, ABAC, policy engines) to make access control decisions based on external context. Supports token validation, role/attribute lookup, and delegation to external policy engines. Caches identity and authorization data to minimize latency and external service dependencies. Provides hooks for custom authorization logic via pluggable adapters.","intents":["I want to use my existing identity provider (Okta, Auth0) for MCP tool access control","I need to enforce authorization policies from an external policy engine (OPA, Authz service)","I want to look up user roles and attributes from an external system to make access decisions"],"best_for":["enterprises with existing identity and authorization infrastructure","teams needing to integrate MCP security with organization-wide access control","systems where authorization decisions require external context or policy engines"],"limitations":["Adds latency for external service calls (mitigated by caching, but cache staleness is a tradeoff)","Requires network connectivity to external services — no offline fallback","Integration complexity depends on external service API (OAuth2 is standard, custom services require adapters)","Cache invalidation and refresh policies must be carefully tuned"],"requires":["Node.js 16+","External identity provider or authorization service","API credentials for external services","Network connectivity to external services"],"input_types":["MCP tool calls with caller identity (token, user ID, etc.)","Integration configuration (provider type, endpoints, credentials)"],"output_types":["Authorization decision (allow/deny)","User roles and attributes from external system","Audit logs with external authorization context"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":32,"verified":false,"data_access_risk":"high","permissions":["Node.js 16+ (MCP runtime requirement)","MCP server and client compatible with proxy middleware pattern","Policy configuration file in JSON or YAML format","Node.js 16+","MCP guard runtime with detection engine enabled","Optional: LLM API key if using classifier-based detection (adds latency)","Tool schema definitions in JSON Schema format","MCP guard runtime with validation engine","Identity context passed with each MCP call (user ID, role, etc.)","Access control rule definitions in JSON/YAML"],"failure_modes":["Policy evaluation adds latency per tool call (exact overhead depends on ruleset complexity)","No built-in support for dynamic policy updates without restarting the MCP runtime","Policies are static configuration — no runtime learning or anomaly detection","Cannot inspect tool execution side effects after they occur, only blocks pre-execution","Heuristic-based detection has false positive/negative rates — no perfect accuracy","Cannot detect sophisticated injection attacks that use encoding, obfuscation, or multi-step exploitation","Sanitization may break legitimate use cases if rules are too aggressive","Requires tuning detection thresholds per tool type and parameter context","Requires explicit schema definition for each tool — no automatic schema inference","Cannot validate semantic correctness (e.g., whether a file path actually exists or is accessible)","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.26,"ecosystem":0.6000000000000001,"match_graph":0.25,"freshness":0.75,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:23.903Z","last_scraped_at":"2026-05-03T14:23:58.179Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=npm-aicludemcp-guard","compare_url":"https://unfragile.ai/compare?artifact=npm-aicludemcp-guard"}},"signature":"qkUKKsFj18XJfREQ9Fr8OQHyJzw5uC5LxvXQ+8jsqTR2ZoT/YN4xq2P117K5CQWLRWaUrswllX5LLwX9x7ENDA==","signedAt":"2026-06-19T21:53:38.613Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/npm-aicludemcp-guard","artifact":"https://unfragile.ai/npm-aicludemcp-guard","verify":"https://unfragile.ai/api/v1/verify?slug=npm-aicludemcp-guard","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}