{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"awesome-secure-fetch","slug":"secure-fetch","name":"Secure Fetch","type":"mcp","url":"https://github.com/appsec-innovation-labs/secure-mcp-fetch","page_url":"https://unfragile.ai/secure-fetch","categories":["mcp-servers"],"tags":[],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"awesome-secure-fetch__cap_0","uri":"capability://safety.moderation.url.allowlist.based.fetch.request.filtering","name":"url allowlist-based fetch request filtering","description":"Implements a whitelist-based security model that validates HTTP/HTTPS fetch requests against a configurable allowlist before execution. The MCP server intercepts fetch calls and checks the target URL against permitted domains/patterns, blocking any requests to unlisted resources. This prevents LLM agents from accidentally or maliciously accessing local file:// URIs, internal IP ranges (127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), or metadata endpoints (169.254.169.254).","intents":["Prevent LLM agents from accessing sensitive local files or internal services","Restrict fetch operations to only approved external APIs and domains","Block SSRF (Server-Side Request Forgery) attacks via LLM tool calling","Enforce network isolation policies in multi-tenant or untrusted LLM environments"],"best_for":["Teams deploying LLM agents in production with strict security requirements","Organizations running untrusted or third-party LLM models","Security-conscious builders integrating Claude or other LLMs with external APIs"],"limitations":["Allowlist must be manually configured — no automatic policy generation","Regex-based URL matching may have false positives/negatives for complex URL patterns","No built-in support for dynamic allowlist updates without server restart","Cannot distinguish between intentional and accidental requests to blocked 
resources"],"requires":["MCP-compatible client (Claude Desktop, custom MCP host, or Cline)","Node.js 16+ or Python 3.8+ (depending on implementation)","Configuration file or environment variables to define allowlist"],"input_types":["URL strings","HTTP method (GET, POST, etc.)","Request headers and body (optional)"],"output_types":["HTTP response body (text, JSON, HTML)","HTTP status codes","Error messages for blocked requests"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-secure-fetch__cap_1","uri":"capability://safety.moderation.local.file.access.blocking.with.ip.range.detection","name":"local file access blocking with ip range detection","description":"Detects and blocks requests to local file:// URIs and private IP address ranges (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, plus loopback 127.0.0.1 and link-local 169.254.0.0/16). The implementation parses the target URL, extracts the hostname, resolves it to IP addresses, and checks against a hardcoded list of private/reserved ranges. 
This prevents LLM agents from reading /etc/passwd, accessing localhost services, or querying cloud metadata endpoints.","intents":["Block LLM agents from reading sensitive local files via file:// protocol","Prevent access to internal services running on localhost or private networks","Stop exploitation of cloud metadata endpoints (AWS IMDSv1, GCP metadata service)","Enforce zero-trust network policies for LLM tool execution"],"best_for":["Cloud-hosted LLM applications where agents must not access instance metadata","Multi-tenant SaaS platforms using LLMs to prevent cross-tenant data leakage","Organizations with strict compliance requirements (SOC 2, HIPAA, PCI-DSS)"],"limitations":["DNS resolution adds latency (~50-200ms per request) and may be cached inconsistently","Cannot block IPv6 private ranges if implementation only checks IPv4","Hostname resolution can be spoofed or bypassed via direct IP addresses","No support for blocking custom private IP ranges beyond RFC 1918"],"requires":["DNS resolver access (system resolver or custom DNS client)","MCP server with network access to perform DNS lookups","Configuration to define additional private ranges if needed"],"input_types":["URL with hostname or IP address","file:// protocol URIs"],"output_types":["Boolean (allowed/blocked)","Error message explaining why request was blocked"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-secure-fetch__cap_2","uri":"capability://tool.use.integration.mcp.protocol.level.request.interception.and.validation","name":"mcp protocol-level request interception and validation","description":"Implements a Model Context Protocol (MCP) server that intercepts fetch tool calls before they reach the underlying HTTP client. The server acts as a middleware layer in the MCP message flow, validating each fetch request against security policies and either allowing it to proceed or returning a blocked response. 
This architecture allows the security layer to be transparent to the LLM client and enforces policy consistently across all LLM applications using the MCP standard.","intents":["Integrate security policies into LLM tool execution without modifying client code","Enforce consistent fetch restrictions across multiple LLM applications","Audit and log all fetch requests made by LLM agents","Provide a single point of control for network access policies"],"best_for":["Teams managing multiple LLM applications and needing centralized security","Organizations adopting MCP as a standard for LLM tool integration","Security teams building compliance-focused LLM infrastructure"],"limitations":["Requires MCP-compatible client — does not work with non-MCP LLM integrations","Adds latency to every fetch request (policy evaluation overhead)","No built-in request/response logging — requires external integration","Policy changes require server restart unless hot-reload is implemented"],"requires":["MCP client implementation (Claude Desktop, Cline, or custom MCP host)","MCP server runtime (Node.js, Python, or other supported language)","Understanding of MCP protocol and tool schema definitions"],"input_types":["MCP tool call messages with fetch parameters"],"output_types":["MCP tool result messages with HTTP response or error"],"categories":["tool-use-integration","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-secure-fetch__cap_3","uri":"capability://safety.moderation.configurable.url.allowlist.with.pattern.matching","name":"configurable url allowlist with pattern matching","description":"Provides a configuration mechanism to define allowed URLs using exact matches, wildcard patterns, or regex expressions. The implementation loads allowlist rules from a configuration file or environment variables, then evaluates incoming fetch requests against these rules using pattern matching. 
This allows operators to define fine-grained policies such as 'allow api.example.com but not api.example.com/admin' or 'allow any subdomain of trusted-domain.com'.","intents":["Define which external APIs and domains LLM agents are permitted to access","Create environment-specific allowlists (dev, staging, production)","Support dynamic allowlisting for partner integrations","Enable least-privilege access for LLM tool execution"],"best_for":["Teams with specific API integrations that LLM agents should access","Organizations needing environment-specific security policies","Builders creating LLM applications with restricted external API access"],"limitations":["Allowlist must be manually maintained — no automatic discovery of required APIs","Regex patterns may be complex to write and debug correctly","No built-in versioning or rollback for policy changes","Pattern matching performance degrades with large allowlists (100+ entries)"],"requires":["Configuration file format (JSON, YAML, or environment variables)","Pattern matching library (e.g., minimatch, micromatch for glob patterns)","Ability to restart or reload server to apply policy changes"],"input_types":["Configuration file with URL patterns","Environment variables with allowlist rules"],"output_types":["Parsed allowlist rules","Boolean result of URL matching against rules"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-secure-fetch__cap_4","uri":"capability://tool.use.integration.http.response.passthrough.with.security.validation","name":"http response passthrough with security validation","description":"Allows approved fetch requests to proceed to the target server and returns the HTTP response (status code, headers, body) to the LLM agent. The implementation validates the request against security policies, then uses a standard HTTP client (node-fetch, requests, etc.) 
to execute the request and stream the response back through the MCP protocol. This ensures that only security-approved requests reach external services.","intents":["Enable LLM agents to fetch data from approved external APIs","Return HTTP responses (JSON, HTML, plain text) to LLM agents for processing","Support various HTTP methods (GET, POST, PUT, DELETE) with request bodies","Preserve HTTP headers and status codes for error handling"],"best_for":["LLM applications that need to integrate with external APIs","Agents that fetch real-time data (weather, stock prices, news)","Builders creating LLM tools that require HTTP access"],"limitations":["Response size is limited by MCP message size constraints (typically 4MB-100MB)","Large file downloads may timeout or be truncated","No built-in response caching — each request hits the external service","Streaming responses may not be fully supported depending on MCP client"],"requires":["HTTP client library (node-fetch, requests, curl, etc.)","Network connectivity to external services","Proper timeout configuration to prevent hanging requests"],"input_types":["HTTP method (GET, POST, etc.)","URL","Request headers","Request body (optional)"],"output_types":["HTTP status code","Response headers","Response body (text, JSON, HTML, binary)"],"categories":["tool-use-integration","search-retrieval"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"awesome-secure-fetch__cap_5","uri":"capability://safety.moderation.request.blocking.with.detailed.error.messages","name":"request blocking with detailed error messages","description":"When a fetch request violates security policies (e.g., targets a blocked IP range or unlisted domain), the MCP server returns a detailed error message explaining why the request was blocked and what policies apply. The implementation catches policy violations, constructs a human-readable error response, and returns it through the MCP protocol. 
This helps developers understand why their LLM agents cannot access certain resources and guides them toward compliant API usage.","intents":["Provide clear feedback to LLM agents when fetch requests are blocked","Help developers understand security policies and why requests fail","Enable debugging of LLM agent behavior when API access is restricted","Document security policies through error messages"],"best_for":["Development teams building LLM agents with restricted API access","Security teams that need to audit why requests were blocked","Operators managing LLM infrastructure with complex security policies"],"limitations":["Error messages may leak information about security policies to LLM agents","Verbose error messages can increase MCP message size","No built-in internationalization for error messages","Error messages are not standardized across different policy violations"],"requires":["Error message templates or formatting logic","Policy evaluation results to determine reason for blocking"],"input_types":["Blocked URL","Policy violation reason (e.g., 'private IP range', 'unlisted domain')"],"output_types":["Error message string","Error code or classification"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":25,"verified":false,"data_access_risk":"high","permissions":["MCP-compatible client (Claude Desktop, custom MCP host, or Cline)","Node.js 16+ or Python 3.8+ (depending on implementation)","Configuration file or environment variables to define allowlist","DNS resolver access (system resolver or custom DNS client)","MCP server with network access to perform DNS lookups","Configuration to define additional private ranges if needed","MCP client implementation (Claude Desktop, Cline, or custom MCP host)","MCP server runtime (Node.js, Python, or other supported language)","Understanding of MCP protocol and tool schema definitions","Configuration file format (JSON, YAML, or environment 
variables)"],"failure_modes":["Allowlist must be manually configured — no automatic policy generation","Regex-based URL matching may have false positives/negatives for complex URL patterns","No built-in support for dynamic allowlist updates without server restart","Cannot distinguish between intentional and accidental requests to blocked resources","DNS resolution adds latency (~50-200ms per request) and may be cached inconsistently","Cannot block IPv6 private ranges if implementation only checks IPv4","Hostname resolution can be spoofed or bypassed via direct IP addresses","No support for blocking custom private IP ranges beyond RFC 1918","Requires MCP-compatible client — does not work with non-MCP LLM integrations","Adds latency to every fetch request (policy evaluation overhead)","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.22,"ecosystem":0.39999999999999997,"match_graph":0.25,"freshness":0.52,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-06-17T09:51:04.049Z","last_scraped_at":"2026-05-03T14:00:15.503Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=secure-fetch","compare_url":"https://unfragile.ai/compare?artifact=secure-fetch"}},"signature":"x/1pKDQTZAwFTK6K3fDa+Zat8JLpNhs1DRky2hg+tB3K7rFfT3GKUgMM7KBdAthbeYvEbtJsn5CfqpQ2+j2LCA==","signedAt":"2026-06-21T07:34:24.432Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/secure-fetch","artifact":"https://unfragile.ai/secure-fetch","verify":"https://unfragile.ai/api/v1/verify?slug=secure-fetch","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}