frontpage.

Show HN: ContextGuard – Open-source security monitoring for MCP servers

https://github.com/amironi/contextguard

1•amironi•8h ago

I built ContextGuard after discovering that 43% of MCP servers have critical security vulnerabilities. MCP (Model Context Protocol) is the new standard that lets Claude Clients(Desktop, Windsurf, Cursor, etc.) access external tools and data sources - think of it as a plugin system for AI assistants.

The problem: When you give those clients access to your filesystem, databases, or APIs through MCP servers, you're opening up serious attack vectors. Prompt injection, data leakage, and path traversal attacks are all possible. Most developers building MCP servers don't have security expertise, and there wasn't an easy way to add protection.

What ContextGuard does: - Wraps your MCP server as a transparent security proxy - Detects 8+ prompt injection patterns in real-time - Scans for sensitive data (API keys, passwords, SSNs) in responses - Prevents path traversal attacks - Rate limiting to prevent abuse - Comprehensive JSON logging for auditing - <1% performance overhead

Technical approach: - TypeScript-based stdio proxy - Pattern matching + heuristics for threat detection - Works with any MCP server using stdio transport - Zero code changes needed - just wrap your existing server - All detection happens synchronously in the request/response flow

The README includes a testing section where you can see the same attacks succeed on an unprotected server vs being blocked with ContextGuard enabled. It's pretty eye-opening to see how easy these attacks are.

Why open source: Security tools need transparency. I want the community to audit the detection patterns, contribute new ones, and help identify blind spots. Plus, MCP is still early days - we need to establish security best practices together.

Roadmap: Currently working on SSE/HTTP transport support, a web dashboard for monitoring, and a custom rule engine. Planning to offer Pro features for enterprises (team management, priority support, advanced analytics) while keeping the core security features free and open source forever.

I'd love feedback on: 1. What other attack patterns should I prioritize detecting? 2. Is the web dashboard a must-have or nice-to-have? 3. Any blind spots in the current detection logic? 4. Should I focus more on detection accuracy or performance?

The project is on GitHub with full docs and examples: https://github.com/amironi/contextguard

You can try it right now: npm install -g contextguard contextguard --server "node your-mcp-server.js"

Happy to answer any questions!

Aposematism

B.C. gov't proposes new power rules for AI, data centres

A simple way to send emails using Docker and bash

IP over Avian Carriers NBN Proposal

Mosquitoes found in Iceland for first time as climate crisis warms country

Open Source VDI

Multimodal AI startup Fal.ai raised at $4B+ valuation

Donor Kidney Reprogrammed to Universal Type O

Expanding forest research with terrestrial Lidar technology

Grasshopper Is a Way to Play

Tea Alp

Instant coffee just beat drip

Measuring the Impact of Early-2025 AI on Experienced Developer Productivity

Keanu Codes

African e-mobility company (Spiro) to raise $100M

Apple Watch's hypertension alert misses half cases, but may boost treatment

Career Snakes and Ladders

Lottery-fication of Everything: 0 day options, perps, parlays are now mainstream

Useful bias manipulation re: LLM – the stochastic parrot speaks

rlsw – Raylib software OpenGL renderer in less than 5k LOC

Tidy Up Your Data

Show HN: I use ChatGPT these days to develop new features quickly

We resolve a $1000 Erdős problem, with a Lean proof vibe coded using ChatGPT

Using AI and automation to migrate between instruction sets

Python 2.7.18.11 (extended support 2025)

Domains and Bounded Contexts Don't Map 1 on 1

We rewrote OpenFGA in pure Postgres

Have Lots of AWS Accounts

AGI vs. AGi: Intelligence vs. intuition

AI eats leisure time, makes employees work more, study finds