cyberneticlibrary

Secure MCP servers from injection attacks

mcp-secure-server · mcp_server · setup · L20
aself101/mcp-secure-server
What it does

Defends MCP servers against injection, path traversal, XSS, prototype pollution and SSRF via 5-layer validation.

Best for

Production MCP servers handling untrusted agent inputs where defense-in-depth security is required.

Inputs
  • tool arguments from agents
  • resource requests
  • prompt inputs
Outputs
  • sanitized/validated inputs
  • structured error responses for failed validations
Requires
  • @modelcontextprotocol/sdk
  • zod (schema validation)
Preconditions
  • Node.js v18+
  • MCP server using the MCP SDK
  • Zod schemas for tool inputs
Failure modes
  • False positives on legitimate complex inputs (JSON, base64)
  • Performance overhead from deep validation on every request
  • Custom attacks bypassing generic validation rules
Trust signals
  • 1134 tests passing
  • 86% code coverage
  • MIT licensed
  • Pre-built security presets (basic/standard/paranoid)
  • 20+ attack vectors covered