MCP Defender is an open source desktop app that automatically proxies your MCP traffic in AI apps like Cursor, Claude, Windsurf and VSCode. It then scans all requests and responses between the apps and the MCP tools they call. If it detects anything malicious, it alerts you and lets you allow or block the tool call. While the threat landscape of MCP is still being actively researched, there are dangerous things that MCP Defender can block today. For example, a developer asks Cursor to fix a Github issue with an attached crash log. However, the Github issue was created by an attacker who included secret instructions buried in the crash log. These instructions tell Cursor to send the developer’s SSH keys to a server the attacker controls. MCP Defender detects these malicious instructions and alerts the developer who otherwise may not be careful in running tool calls. The scanning is currently done via an LLM and checks for things like prompt injection, credential theft (ssh keys, tokens) and arbitrary code execution. You can use an MCP Defender account or provide your own API keys for LLM providers to perform the scanning. Currently we’ve published a beta Mac build and we’ll soon publish builds for Windows and Linux as well. Any feedback would be greatly appreciated. Thanks!

Sundeep Gottipati

MCP Defender

Maker

📌

5d ago

Masum Parvej

@sundeep_gottipati Would be great to have a log history to review past alerts.

2d ago

@masump You can see your log history on the Threats tab to review past alerts. We’ll soon be adding the ability to filter the log history by status, app, tool, time range etc. Thanks for your comment!

Jascha

@sundeep_gottipati FYI in README footer it says license is CC BY-NC-SA 4.0 but sidebar

AGPL-3.0 license.

1d ago

@jaschadub Thank you! Just fixed the license to mention AGPL-3.0 license.

13h ago

Mike Staub

Nice tool!

7h ago

MCP Defender

Automatically protects Cursor and other AI apps